synacktiv
diff --git a/‎BappDescription.html‎
Lines changed: 43 additions & 1 deletion b/‎BappDescription.html‎
Lines changed: 43 additions & 1 deletion
diff --git a/‎BappManifest.bmf‎
Lines changed: 6 additions & 5 deletions b/‎BappManifest.bmf‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎README.md‎
Lines changed: 192 additions & 50 deletions b/‎README.md‎
Lines changed: 192 additions & 50 deletions
@@ -1 +1,43 @@
-<p> HopLa adds autocompletion support and useful payloads in Burp Suite to make your intrusion easier.</p>
+<p>HopLa extension enhances Burp Suite with intelligent autocompletion and built-in payloads to simplify intrusion testing.
+    It supports integration with AI providers like Ollama, OpenAI, and Gemini to offer advanced features such as chat and
+    content generation/transformation. You can also add your own payloads to tailor it to your needs!
+</p>
+
+<h2>Features</h2>
+<ul>
+    <li>Integrate AI-powered autocompletion (Copilot style)</li>
+    <li>Enable AI-based chat for interaction and guidance</li>
+    <li>Use AI instructions to quickly transform HTTP requests</li>
+    <li>Copy formatted requests and responses for easy reporting</li>
+    <li>Search and replace in Repeater</li>
+    <li>Access a one-click payload insertion menu</li>
+    <li>Insert Burp Collaborator domains dynamically</li>
+    <li>Assign keyboard shortcuts to specific payloads</li>
+    <li>Add custom keywords on the fly during testing</li>
+</ul>
+
+<h2>Basic usage</h2>
+
+<p>By default, HopLa comes with a built-in set of payloads. You can extend them by loading your own custom YAML file via the top menu.
+(See the <a href="https://github.com/synacktiv/HopLa/blob/main/src/main/resources/default-payloads.yaml">Default payloads file</a> for reference.)</p>
+
+<p>AI providers can be configured by importing your YAML configuration (see <a href="https://github.com/synacktiv/HopLa/">Configure AI providers</a>).
+    HopLa supports multiple AI providers (OpenAI, Gemini, Ollama), but AI-powered autocompletion is only available with Ollama.
+</p>
+
+<p>Several keyboard shortcuts are predefined by default and can be customized through configuration files.</p>
+<ul>
+    <li><strong><code>Ctrl+Q</code></strong> - Open the <strong>Payload Library</strong> menu</li>
+    <li><strong><code>Ctrl+J</code></strong> - Launch the <strong>AI Chat</strong></li>
+    <li><strong><code>Ctrl+Alt+O</code></strong> - Open the <strong>Quick Actions</strong> menu</li>
+    <li><strong><code>Ctrl+L</code></strong> - Open the <strong>Search & Replace</strong> menu</li>
+    <li><strong><code>Ctrl+M</code></strong> - Insert a <strong>Burp Collaborator</strong> payload</li>
+    <li><strong><code>Ctrl+Alt+J</code></strong> - Open the <strong>Custom Keywords Manager</strong></li>
+</ul>
+
+<p>If you're using <strong>i3</strong>, add the following line to your <strong>$HOME/.config/i3/config</strong> to enable floating mode for the frame:</p>
+<pre><code>
+    for_window [class=".*burp-StartBurp.*" title="^ $"] floating enable
+</code></pre>
+
+<p>For more information, please refer to the documentation at <a href="https://github.com/synacktiv/HopLa">GitHub HopLa</a>.</p>
@@ -2,11 +2,12 @@ Uuid: 48006894b97966581660047517ea3f42
 ExtensionType: 1
 Name: HopLa
 RepoName: HopLa
-ScreenVersion: 1.0
+ScreenVersion: 2.0
 SerialVersion: 0
-MinPlatformVersion: 0
+MinPlatformVersion: 4
 ProOnly: False
-Author: Alexis Danizan / Synacktiv
-ShortDescription: Enable autocompletion for payload.
+Author: Alexis Danizan
+ShortDescription: Enables autocompletion for payloads and AI features.
 EntryPoint: releases/HopLa.jar
-BuildCommand: gradle jar
+BuildCommand: gradle build
+SupportedProducts: Pro, Community
@@ -1,100 +1,206 @@
-# HopLa V2
+# HopLa - Burp copilot
 
-💥 All the power of PayloadsAllTheThings, without the overhead. 
-This extension adds autocompletion support and useful payloads in Burp Suite to make your intrusion easier.
+💥 All the power of PayloadsAllTheThings, without the overhead.
 
-Feel free to improve with your payloads ! ❤️
+This extension enhances Burp Suite with intelligent autocompletion and built-in payloads to simplify intrusion testing. 
+It supports integration with AI providers like Ollama, OpenAI, and Gemini to offer advanced features such as chat and 
+content generation/transformation. You can also add your own payloads to tailor it to your needs!
 
 Developed by Alexis Danizan [![Twitter Follow](https://img.shields.io/twitter/follow/alexisdanizan?style=social)](https://twitter.com/alexisdanizan/)  
 Released as open source by [Synacktiv 🥷](https://www.synacktiv.com/) 
 
-
 ![Demo GIF](img/demo.gif)
 
+<p float="left">
+  <img src="img/quick_actions.png" width="400" />
+  <img src="img/ai_chat.png" width="550" /> 
+</p>
+
+**Features**:
+  * Integrate AI-powered autocompletion (Copilot style)
+  * Enable AI-based chat for interaction and guidance
+  * Use AI instructions to quickly transform HTTP requests
+  * Copy formatted requests and responses for easy reporting
+  * Search and replace in Repeater
+  * Access a one-click payload insertion menu
+  * Insert Burp Collaborator domains dynamically
+  * Assign keyboard shortcuts to specific payloads
+  * Add custom keywords on the fly during testing
+
 ## Getting started
 
 ### Installation
 
- * Download the jar file from the release directory
+ * Download the jar file from the [release directory](https://github.com/synacktiv/HopLa/releases)
  * Add it to Burp Suite using the Extender tab
 
-### Build
-
-Build with Docker or Podman:
-
-```bash
-$ podman build -t hopla .
+## Usage
 
-$ podman run --rm  -v "$PWD":/data hopla gradle build
-Starting a Gradle Daemon (subsequent builds will be faster)
-> Task :compileJava
+By default, HopLa comes with a built-in set of payloads. You can extend them by loading your own custom YAML file via the top menu.
+(See the [default payloads file](https://github.com/synacktiv/HopLa/blob/main/src/main/resources/default-payloads.yaml) for reference.)
 
-> Task :encryptResource
-Encrypting /data/src/main/resources/default-payloads.yaml to /data/build/encryptedResources/default-payloads.enc.yaml
+AI providers can be configured by importing your YAML configuration (see [Configure AI providers](#configure-ai-providers))
 
-> Task :processResources
-> Task :classes
-> Task :jar
-> Task :assemble
-> Task :compileTestJava NO-SOURCE
-> Task :processTestResources NO-SOURCE
-> Task :testClasses UP-TO-DATE
-> Task :test NO-SOURCE
-> Task :check UP-TO-DATE
-> Task :build
+Several keyboard shortcuts are predefined by default and can be customized through configuration files.
 
-BUILD SUCCESSFUL in 11s
-4 actionable tasks: 4 executed
+* **`Ctrl+Q`** - Open the **Payload Library** menu
+* **`Ctrl+J`** - Launch the **AI Chat**
+* **`Ctrl+Alt+O`** - Open the **Quick Actions** menu
+* **`Ctrl+L`** - Open the **Search & Replace** menu
+* **`Ctrl+M`** - Insert a **Burp Collaborator** payload
+* **`Ctrl+Alt+J`** - Open the **Custom Keywords Manager**
 
-$ ls build/libs/
-HopLa-2.0.0.jar
+If you're using **i3**, add the following line to your `$HOME/.config/i3/config` to enable floating mode for the frame:
+```
+for_window [class=".*burp-StartBurp.*" title="^ $"] floating enable
 ```
 
-Execute `gradle build` and you'll have the plugin ready in `build/libs/HopLa-2.0.0.jar`.
-
-## Usage
-
-By default HopLa is shipped with default payloads. You can add yours by loading a custom JSON file in the the menu. 
+### Configure AI providers
 
-At the first usage HopLa creates a JSON file containing all the payloads in the jar file directory.
+HopLa supports multiple AI providers (OpenAI, Gemini, Ollama), but AI-powered autocompletion is only available with Ollama.
 
-Press `Ctrl+Q` to display the payload library menu.
+| Features          | Ollama | Gemini | OpenAI |
+|-------------------|:------:|:------:|:------:|
+| Chat              | ✅ Yes  | ✅ Yes  | ✅ Yes  |
+| Autocompletion    | ✅ Yes  |  ❌ No  |  ❌ No  |
+| Quick Action      | ✅ Yes  | ✅ Yes  | ✅ Yes  |
 
-You can disable the global autocompletion in the top menu.
 
-For i3, add the following line to `$HOME/.config/i3/config` for floating frame:
+The YAML configuration file for AI is structured as follows (a sample file can be exported from the HopLa menu):
 
+```yaml
+shortcut_ai_chat: Ctrl+J
+shortcut_quick_action: Ctrl+Alt+O
+#autocompletion_min_chars: 1 # Minimum input length for AI-powered autocompletion (default: 1)
+
+providers:
+  OPENAI:
+    enabled: true
+    chat_model: gpt-4.1
+    chat_endpoint: https://api.openai.com/v1/chat/completions
+    #chat_model_system_prompt: REPLACE_ME
+    quick_action_model: gpt-4.1
+    #quick_action_system_prompt: REPLACE_ME
+    quick_action_endpoint: https://api.openai.com/v1/chat/completions
+    headers:
+      Authorization: "Bearer REPLACE_ME"
+    proxy:
+      enabled: true
+      host: 127.0.0.1
+      port: 5555
+      username: user123
+      password: pass123
+      type: SOCKS # SOCKS or HTTP 
+  GEMINI:
+    enabled: true
+    chat_model: gemini-2.0-flash
+    chat_endpoint: https://generativelanguage.googleapis.com/v1beta/models/@model:streamGenerateContent?alt=sse&key=@key #HopLa replace @key with api_key value
+    #chat_model_system_prompt: REPLACE_ME
+    quick_action_endpoint: https://generativelanguage.googleapis.com/v1beta/models/@model:streamGenerateContent?alt=sse&key=@key #HopLa replace @key with api_key value
+    #quick_action_system_prompt: REPLACE_ME    
+    api_key: REPLACE_ME
+    proxy:
+      enabled: true
+      host: 127.0.0.1
+      port: 5555
+      username: user123
+      password: pass123
+      type: SOCKS # SOCKS or HTTP 
+
+  OLLAMA:
+    enabled: true
+    completion_model: qwen2.5-coder:3b
+    completion_endpoint: http://localhost:11434/api/generate
+    #completion_model_system_prompt: REPLACE_ME
+    completion_prompt: "<|fim_prefix|>@before<|fim_suffix|>@after<|fim_middle|>" # @input, @section, @before, @after
+    completion_params:
+      seed: 42
+      temperature: 0.0
+      top_p: 1.0
+      top_k: 0
+      num_predict: 15
+    completion_stops:
+      - "\n"
+      - "<|fim_middle|>"
+    chat_model: qwen2.5-coder:3b
+    #chat_model_system_prompt: REPLACE_ME
+    chat_endpoint: http://localhost:11434/api/chat
+    #chat_stops:
+    #  - "\n"
+    #chat_params:
+    #  - temperature: 0.0
+    quick_action_model: qwen2.5-coder:7b
+    quick_action_endpoint: http://localhost:11434/api/generate
+    #quick_action_system_prompt: REPLACE_ME    
+    #quick_action_stops:
+    #  - "\n"
+    #quick_action_params:
+    #  - temperature: 0.0
+    
+
+defaults:
+  chat_provider: OLLAMA # OLLAMA, OPENAI, GEMINI
+  completion_provider: OLLAMA # OLLAMA, OPENAI, GEMINI
+  quick_action_provider: OLLAMA # OLLAMA, OPENAI, GEMINI
+  timeout_sec: 60
+
+prompts:
+  - name: technologies
+    description: "Fingerprint web technologies"
+    content: |
+      Analyze the following HTTP response and identify the web technologies used. 
+      List your reasoning for each technology detected.
+
+quick_actions:
+  - name: multipart
+    description: "Transform request to multipart"
+    content: |
+      Transform the following HTTP POST request into a multipart/form-data request:
+  - name: json
+    description: "Transform request to json"
+    content: |
+      Transform the following HTTP POST request into a JSON request:
+  - name: headers_name
+    description: "Extract HTTP header names"
+    content: |
+      From the HTTP request below, extract only the unique header names. List each name on a separate line. Do not include header values.
 ```
-for_window [class=".*burp-StartBurp.*" title="^ $"] floating enable
-```
 
-### How to add payloads
 
-The YAML payloads file follow the structure:
+### How to customize payloads
+
+The YAML payloads file follow the structure (there is no nesting limit):
 
 ```yaml
 shortcut_search_and_replace: Ctrl+L
 shortcut_payload_menu: Ctrl+Q
 shortcut_collaborator: Ctrl+M
-shortcut_ia_chat: Ctrl+J
+shortcut_add_custom_keyword: Ctrl+Alt+J
 
 categories:
   - name: "XSS"
     payloads:
       - name: "Fingerprint"
         value: "\"><h1>"
-        shortcut: Ctrl+k
-
+        shortcut: Ctrl+k # Use this shortcut to insert a payload
+  - name: "Path Traversal"
+    categories:
+      - name: "Simple"
+        payloads:
+          - name: ""
+            value: "../"
+      - name: "Simple 2"
+        payloads:
+          - name: ""
+            value: "../"
 keywords:
   - name: "Headers"
     values:
       - "Accept"
       - "Accept-Charset"
 ```
 
-There is no nesting limit.
-
-To add only keywords that do not appear in the menu, you can add them in the keywords category:
+To add only autocompletion keywords that do not appear in the menu, you can add them in the **keywords** category:
 
 ```yaml
 keywords:
@@ -104,6 +210,42 @@ keywords:
       - "Accept-Charset"
 ```
 
+## Build
+
+Build using Docker or Podman:
+
+```bash
+$ podman build -t hopla .
+
+$ podman run --rm -v "$PWD":/data hopla gradle build
+Starting a Gradle Daemon (subsequent builds will be faster)
+> Task :compileJava
+
+> Task :encryptResource
+Encrypting /data/src/main/resources/default-payloads.yaml to /data/build/encryptedResources/default-payloads.enc.yaml
+
+> Task :processResources
+> Task :classes
+> Task :jar
+> Task :assemble
+> Task :compileTestJava NO-SOURCE
+> Task :processTestResources NO-SOURCE
+> Task :testClasses UP-TO-DATE
+> Task :test NO-SOURCE
+> Task :check UP-TO-DATE
+> Task :build
+
+BUILD SUCCESSFUL in 11s
+4 actionable tasks: 4 executed
+
+$ ls releases
+HopLa.jar
+```
+
+Execute `gradle build` and you'll have the plugin ready in `releases/HopLa.jar`.
+
+To avoid triggering antivirus alerts, the YAML payload file is encrypted at build time.
+
 ## Thanks To
 
  * https://github.com/Static-Flow/BurpSuiteAutoCompletion