HopLa is a Burp Suite extension designed to enhance penetration testing workflows by integrating AI capabilities, autocompletion, and a comprehensive payload library. It targets security professionals seeking to streamline tasks like request transformation, content generation, and payload insertion, offering a "copilot" experience within Burp Suite.

How It Works

HopLa leverages AI models from providers like Ollama, OpenAI, and Gemini to power its features. It integrates with these services via API calls, allowing for AI-driven chat, autocompletion (Copilot-style), and request transformation based on user-defined prompts. The extension also supports custom YAML configurations for payloads and AI provider settings, enabling significant customization. AI-powered autocompletion is specifically noted as being available only with Ollama.

Quick Start & Requirements

• Install by downloading the .jar file from the releases directory and adding it to Burp Suite via the Extender tab.
• AI features require configuration with API keys or local Ollama setup.
• Customization involves loading YAML files for payloads and AI configurations.
• Predefined keyboard shortcuts are available for quick access to features.

Highlighted Details

• AI-powered autocompletion (Copilot style) available with Ollama.
• Supports chat and content generation/transformation via OpenAI, Gemini, and Ollama.
• Integrates a payload library inspired by PayloadsAllTheThings, with customizability.
• Features include dynamic Burp Collaborator domain insertion and customizable keyboard shortcuts.

Maintenance & Community

The project is developed by Alexis Danizan and released by Synacktiv. It acknowledges contributions from other open-source projects. Further community interaction details (Discord/Slack, roadmap) are not explicitly provided in the README.

Licensing & Compatibility

Released under the BSD 3-Clause License. This license is permissive and generally compatible with commercial and closed-source applications.

Limitations & Caveats

AI-powered autocompletion is exclusively supported by Ollama; OpenAI and Gemini do not offer this specific feature. The README mentions potential antivirus alerts due to encrypted payload files during the build process.