Caido – A lightweight web security auditing toolkit

Caido is a new lightweight web security auditing toolkit designed to make professional-grade security testing more accessible. Because it offers a free version, it is well suited to beginners and security students, although that version has some limitations, such as a cap of two scopes. The goal of the passionate team behind this project is to help security professionals and enthusiasts audit web applications with ease and efficiency.

Caido is a strong BurpSuite competitor with plenty of features: intercepting requests in real time while browsing, manually resending requests to test endpoints, building your own encoders/decoders, a sitemap that is visualized in real time, and automation.

In addition, it allows users to install plugins easily and with minimal code required, and it introduces HTTPQL, a new query language for hackers.

HTTPQL lets you filter requests and responses. A filter clause is built from four parts: a namespace, a field, an operator, and a value (for example, resp.code.eq:101).

It also supports standalone strings, without a namespace, field, or operator, to search across requests and responses.

A query can combine multiple filter clauses using logical operators and logical grouping:

(resp.code.eq:101
OR resp.raw.cont:"smth"
AND req.path.eq:"graphsql")

Logical operators

AND -- both the left and right clauses must be true
OR -- either the left or right clause must be true

Logical grouping

Caido applies operator priority, with AND having a higher priority than OR, so:

clause1 OR clause2 AND clause3 is equivalent to (clause1 OR (clause2 AND clause3))
clause1 AND clause2 AND clause3 is equivalent to ((clause1 AND clause2) AND clause3)
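To make the priority rules concrete, here is a small evaluator for the HTTPQL subset described above. It is an added example, not Caido's own code: it assumes a captured entry is a Python dict with `req` and `resp` namespaces keyed by field name, it implements only the `eq` and `cont` operators shown on this page, and a standalone string matches when it appears in either raw message.

```python
import re
TOKEN_RE = re.compile(r'\(|\)|"[^"]*"|[^\s()"]+(?:"[^"]*")?')   # ( ) "string" or a clause
CLAUSE_RE = re.compile(r'^(req|resp)\.(\w+)\.(eq|cont):(.+)$')  # namespace.field.operator:value
SAMPLE = [  # constructed history entries, not real traffic
    {"req": {"path": "/graphsql", "raw": "POST /graphsql HTTP/1.1\r\n"},
     "resp": {"code": 200, "raw": 'HTTP/1.1 200 OK\r\n\r\n{"data":"smth"}'}},
    {"req": {"path": "/ws", "raw": "GET /ws HTTP/1.1\r\nUpgrade: websocket\r\n"},
     "resp": {"code": 101, "raw": "HTTP/1.1 101 Switching Protocols\r\n"}},
]
def _value(raw):  # strip quotes from strings; bare digits become ints (resp.code.eq:101)
    return raw[1:-1] if raw.startswith('"') else int(raw) if raw.isdigit() else raw
def _combine(op, left, right):  # fresh scope per call, so closures never see a rebound name
    return (lambda e: left(e) and right(e)) if op == "AND" else (lambda e: left(e) or right(e))

def compile_query(query):
    """Turn an HTTPQL query into a predicate entry -> bool (AND binds tighter than OR)."""
    toks, pos = TOKEN_RE.findall(query), 0
    def peek():
        return toks[pos] if pos < len(toks) else None
    def atom():
        nonlocal pos
        tok, pos = peek(), pos + 1
        if tok == "(":                   # logical grouping
            pred = binary("OR")
            if peek() != ")":
                raise ValueError("missing ')'")
            pos += 1
            return pred
        if tok is None or tok in ("AND", "OR", ")"):
            raise ValueError(f"unexpected token {tok!r}")
        m = CLAUSE_RE.match(tok)
        if not m:                        # standalone string: search both raw messages
            text = str(_value(tok))
            return lambda e: text in e["req"]["raw"] or text in e["resp"]["raw"]
        ns, field, op, value = m.group(1), m.group(2), m.group(3), _value(m.group(4))
        if op == "eq":
            return lambda e: e[ns].get(field) == value
        return lambda e: str(value) in str(e[ns].get(field) or "")   # cont
    def binary(op):                      # OR-chains of AND-chains of atoms, left-associative
        nonlocal pos
        sub = (lambda: binary("AND")) if op == "OR" else atom
        pred = sub()
        while peek() == op:
            pos += 1
            pred = _combine(op, pred, sub())
        return pred
    pred = binary("OR")
    if peek() is not None:
        raise ValueError(f"trailing token {peek()!r}")
    return pred
```

Against the two sample entries, `resp.code.eq:101 OR resp.raw.cont:"smth" AND req.path.cont:"graphsql"` matches both, while moving the parentheses to `(resp.code.eq:101 OR resp.raw.cont:"smth") AND req.path.cont:"graphsql"` matches only `/graphsql`, which is exactly the priority rule stated above.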

After installing the software, users can mark which links are in scope and which are out of scope. They can also easily view the sitemap of any requested URL. The tool lets users intercept and replay requests and view bug reports for specific requests.

Caido can be installed on macOS, Linux, and Windows. In this article, I will walk you through the installation guide for Linux.

Installing Caido on Linux

First of all, you need to:

  • Create an account at caido.io.
  • Download the Caido installer package for Linux (the .deb file) from the dashboard or the GitHub repository.
  • Open a terminal and change to the directory containing the downloaded package.
  • Run “sudo dpkg -i <deb file>” to install Caido.

When I first ran this command, I encountered dependency issues, but I was able to fix them by running the “sudo apt --fix-broken install” command.

With that in place, the installation was successful. To launch the software, type the “caido” command in your terminal.

A pop-up window confirms that the program is running and lets me edit the instance, which I have named “Web testing” and which listens on port 8080.

Caido is a flexible web application security tool. One of its key features is the ability to host it anywhere, such as on a virtual private server (VPS).

By default, Caido listens on the IP address 127.0.0.1 and port 8080. This is the recommended configuration, as there is currently no built-in access control on the proxy portion of Caido. Listening on 127.0.0.1 limits access to the local machine only.
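A quick way to confirm that the proxy really is bound to loopback, added here as an example rather than anything shipped with Caido: the function below reads `ss -ltn`-style output (a constructed sample is embedded) and returns every listener on port 8080 that other hosts could reach.

```python
from ipaddress import ip_address

# Constructed sample in the shape of `ss -ltn` output on Linux; not a real capture.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       4096    127.0.0.1:8080       0.0.0.0:*
LISTEN  0       4096    0.0.0.0:8080         0.0.0.0:*
LISTEN  0       128     [::1]:631            [::]:*
LISTEN  0       128     [::]:22              [::]:*
"""

def exposed_listeners(ss_output, port=8080):
    """Return the local addresses of listeners on `port` that are reachable from other hosts.

    Loopback binds (127.0.0.0/8, ::1) are fine; 0.0.0.0, *, :: or an interface address
    mean the proxy, which has no access control of its own, is open to the network."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue                                  # header or non-listening socket
        host, _, bound_port = fields[3].rpartition(":")
        if bound_port != str(port):
            continue
        host = host.strip("[]")                       # IPv6 addresses are bracketed
        if host in ("*", "") or not ip_address(host).is_loopback:
            exposed.append(fields[3])
    return exposed
```

On a live Linux host, feed it the real output of `ss -ltn` instead of the sample; an empty list means only the local machine can reach the proxy.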

To intercept HTTPS traffic without certificate errors, you must download and install the CA certificate that Caido provides.

Go ahead and download the certificate. Then open the Firefox settings, locate the certificate you downloaded, and click Import.

Once it is done, you need to configure your browser’s proxy settings.

You may follow the tutorial here for the installation process.

Now select the “Manual Proxy Configuration” radio button. Set the “HTTP Proxy” field to 127.0.0.1 and the “Port” field to 8080, and enable the “Also use this proxy for HTTPS” option.

Click “OK” to save the configuration.

You are all set! You can now use Caido.

To start the program after installation, run the command “caido” from the terminal and click start.

From the top right corner, you can now create a project and define the scope you are interested in. As mentioned above, you have many options here; from the Scope portal you can filter domains or IPs as in or out of scope.

Conclusion

The installation of Caido should be straightforward. Kali Linux is an excellent tool for security assessment, security testing, and vulnerability scanning, containing many tools and utilities.

Caido features

  • Overview: sitemap, scope, and filters.
  • Proxy: real-time traffic interception, HTTP history, WS history, and match & replace.
  • Testing: Replay, Automate, and Assistant.
  • Logging: search and export.
  • Workspace: files, up to two projects with the free version, and backups.
  • Plugins: extend the tool with custom CSS, custom JS (WIP), and custom workflow nodes (WIP).
  • Internals: files, cloud, and authentication.

If you need more information, please check the documentation here.

Thanks for reading.

CyberLuk3
