--------------------------------------------------------------------------------
/src/concepts/plugins/backend.md:
--------------------------------------------------------------------------------
1 | # Plugin Backend (WIP)
2 |
3 | The backend component of Caido is the server responsible for data processing, storage and business logic.
4 |
5 | Backend development allows you to:
6 |
7 | - Extend the server-side functionality of the Caido application.
8 | - Interact with the application's data, databases and infrastructure.
9 | - Handle authentication, authorization and data calls.
10 |
--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "documentation",
3 | "version": "1.0.0",
4 | "description": "",
5 | "main": "index.js",
6 | "scripts": {
7 | "dev": "vitepress dev",
8 | "build": "vitepress build",
9 | "preview": "vitepress preview",
10 | "lint": "markdownlint-cli2 'src/**/*.md'"
11 | },
12 | "keywords": [],
13 | "author": "",
14 | "license": "ISC",
15 | "devDependencies": {
16 | "vitepress": "^1.2.2"
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/.devcontainer/devcontainer.json:
--------------------------------------------------------------------------------
1 | {
2 | "image": "mcr.microsoft.com/devcontainers/universal:2",
3 | "postCreateCommand": "npm install -g pnpm && pnpm install",
4 | "postStartCommand": "pnpm dev",
5 | "features": {
6 | "ghcr.io/devcontainers-contrib/features/pnpm:2": {},
7 | "ghcr.io/devcontainers-contrib/features/markdownlint-cli2:1": {}
8 | },
9 | "customizations": {
10 | "vscode": {
11 | "extensions": [
12 | "DavidAnson.vscode-markdownlint",
13 | "esbenp.prettier-vscode"
14 | ]
15 | }
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/src/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | # https://vitepress.dev/reference/default-theme-home-page
3 | layout: home
4 |
5 | hero:
6 |   name: "Caido"
7 |   text: "A lightweight web security auditing toolkit"
8 |   image:
9 |     src: /logo.png
10 |     "no-shadow": true
11 |
12 |   tagline: Guides and Documentation
13 |   actions:
14 |     - theme: brand
15 |       text: Quickstart
16 |       link: /quickstart/
17 |
18 |     - theme: alt
19 |       text: Guides
20 |       link: /guides/
21 |
22 |     - theme: alt
23 |       text: Reference
24 |       link: /reference/
25 |
26 |     - theme: alt
27 |       text: Concepts
28 |       link: /concepts/
29 | ---
30 |
31 |
--------------------------------------------------------------------------------
/src/quickstart/distributions/index.md:
--------------------------------------------------------------------------------
1 | # Distributions
2 |
3 | Caido is included natively in a couple of OS distributions. If you already use one of them, it is the easiest way to get started :sparkles:
4 |
5 | This is by no means a requirement, since you can [install Caido on all major operating systems](/quickstart/beginner_guide/setup/install).
6 |
7 | ## Linux
8 |
9 | - [Athena OS](/quickstart/distributions/linux/athena_os): Arch & NixOS based pentesting distribution
10 |
11 | ## Are you a maintainer?
12 |
13 | If you are the maintainer of a distribution and would like to include Caido natively, please reach out to us on [Discord](https://links.caido.io/www-discord) or via [our contact form](https://caido.io/contact).
14 |
--------------------------------------------------------------------------------
/src/concepts/essentials/tabs.md:
--------------------------------------------------------------------------------
1 | # Tabs
2 |
3 | Pages such as [Replay](/reference/features/testing/replay.md) and [Automate](/reference/features/testing/automate.md) feature a tab system to quickly switch between items of interest. These tabs are accompanied with a tree view on the left side of the page.
4 |
5 | In case you need to declutter your Workspace, you can close any tab at any time without worrying about losing your data.
6 | Just head over to the tree view in the sidebar, and you'll find all your Sessions ready to be reopened.
7 |
8 | This functionality allows you to manage your screen real estate efficiently while maintaining the ability to access and resume your work at any point.
9 |
10 |
11 |
--------------------------------------------------------------------------------
/.vitepress/components/Pro.vue:
--------------------------------------------------------------------------------
1 |
3 |
4 |
5 | ⚡PRO FEATURE
8 |
10 |
22 |
23 | With an active community and constant discussion, feel free to ask any questions!
24 |
25 | Click [here](https://links.caido.io/www-discord) to join the server!
26 |
--------------------------------------------------------------------------------
/src/quickstart/beginner_guide/welcome_to_caido/onboarding.md:
--------------------------------------------------------------------------------
1 | # Onboarding
2 |
3 | ## What is Caido?
4 |
5 | **Caido** is an advanced web security toolkit. With Caido - security researchers can be assured their audits are streamlined, thorough and organized.
6 |
7 | ## Setting Up Caido
8 |
9 | - [Installation](../setup/install.md)
10 | - [Configuration](../setup/config.md)
11 | - [Uploading Files for Use in Automate](../setup/file_upload.md)
12 |
13 | ## Using Caido
14 |
15 | - [Creating Your First Project](../first_steps_with_caido/project.md)
16 | - [Capturing and Inspecting Web Traffic](../first_steps_with_caido/traffic.md)
17 | - [Forwarding and Modifying Requests Repeatedly](../first_steps_with_caido/replay.md)
18 | - [Automating Brute-Forcing/Fuzzing](../first_steps_with_caido/automate.md)
19 |
20 | ## Getting Help
21 |
22 | - [Support](../getting_help/support.md)
23 |
--------------------------------------------------------------------------------
/src/guides/index.md:
--------------------------------------------------------------------------------
1 | # Directory
2 |
3 | ## User Guide
4 |
5 | - **[Installation](./user_guide/installation.md)** - step-by-step instructions on downloading Caido.
6 | - **[Caido on a VPS](./user_guide/vps.md)** - running Caido on a Virtual Private Server.
7 | - **[Caido on Dockerhub](./user_guide/docker.md)** - running Caido in a Docker container.
8 | - **[Proxying Local Traffic](./user_guide/proxy_local.md)** - capturing localhost traffic.
9 |
10 | ## Plugins
11 |
12 | - **[Notebook](./plugins/notebook.md)** - A note taking plugin.
13 |
14 | ## Workflows
15 |
16 | - **[JWT Decode](./workflows/jwt_decode.md)** - Building a Convert Workflow to decode JWTs.
17 | - **[Add Header & Send Request](./workflows/add_header.md)** - Building a Passive Workflow that will add a request header and resend the request.
18 |
19 | ## Contributions
20 |
21 | - **[Documentation](./contributions/documentation.md)** - contributing to Caido's documentation.
22 |
--------------------------------------------------------------------------------
/.github/workflows/validate.yml:
--------------------------------------------------------------------------------
1 | name: Lint
2 | on:
3 |   pull_request:
4 |     paths:
5 |       - '**.md'
6 |
7 | concurrency:
8 |   group: lint-${{ github.ref_name }}
9 |   cancel-in-progress: true
10 |
11 | env:
12 |   CAIDO_PNPM_VERSION: 9
13 |
14 |
15 | jobs:
16 |   lint:
17 |     runs-on: ubuntu-latest
18 |
19 |     steps:
20 |       - name: Checkout Repo
21 |         uses: actions/checkout@v4
22 |
23 |       - name: Lint
24 |         uses: DavidAnson/markdownlint-cli2-action@510b996878fc0d1a46c8a04ec86b06dbfba09de7 # v15
25 |         with:
26 |           globs: '**/*.md'
27 |
28 |   build:
29 |     runs-on: ubuntu-latest
30 |
31 |     steps:
32 |       - name: Checkout Repo
33 |         uses: actions/checkout@v4
34 |
35 |       - name: Setup pnpm
36 |         uses: pnpm/action-setup@v3.0.0
37 |         with:
38 |           version: ${{ env.CAIDO_PNPM_VERSION }}
39 |
40 |       - name: Install dependencies
41 |         run: pnpm install --frozen-lockfile
42 |
43 |       - name: Run build
44 |         run: pnpm build
45 |
46 |
47 |
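As an added note on the workflow above (this is not part of the repository): the lint step pins its action to a full commit SHA and records the tag in a trailing comment, while `pnpm/action-setup@v3.0.0` and `actions/checkout@v4` are pinned to tags. A tag is a mutable reference that the action's maintainer (or anyone who gains control of that repository) can move to different code, so the SHA form the lint step already uses is the stronger pin. The step below shows that form applied to the pnpm setup step; `<commit-sha>` is a placeholder, not a real commit hash.

```yaml
# Added example, not from the repository. <commit-sha> is a placeholder:
# replace it with the full 40-character commit hash of the release you
# reviewed, and keep the tag in the comment so the pin stays readable.
- name: Setup pnpm
  uses: pnpm/action-setup@<commit-sha> # v3.0.0
  with:
    version: ${{ env.CAIDO_PNPM_VERSION }}
```

Dependabot or Renovate can keep SHA pins current while preserving the version comment, so the pin does not become a maintenance burden.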
--------------------------------------------------------------------------------
/src/reference/features/workspace/plugins.md:
--------------------------------------------------------------------------------
1 | # Plugins
2 |
3 | The `Plugins` tab allows you to install and manage plugin packages in Caido.
4 |
5 | These packages expand Caido's functionality, offering a means to further customize your Instance.
6 |
7 | ## Plugins Layout
8 |
9 |
10 |
11 | 1. Select the `Plugins` tab from the left-hand menu within the Caido window.
12 | 2. To import a new Plugin package - click the `Install Package` button. Your device's file manager will pop up. Select the plugin to upload.
13 | 3. Toggle the `>` icon to `∨` to expand/collapse the details of the associated Plugin.
14 | 4. Toggling the checkbox from filled to empty will enable/disable the associated Plugin.
15 | 5. To remove a plugin from your Caido Instance - click `Uninstall`.
16 |
17 | ::: info
18 | If at least one Plugin is enabled - a new `Plugins` section within the left-hand side menu in Caido will be generated. From here, you can select specific Plugins to access additional information/functionality/usage instructions/etc.
19 | :::
20 |
--------------------------------------------------------------------------------
/src/reference/configuration/import_ca_certificate.md:
--------------------------------------------------------------------------------
1 | # CA Certificate
2 |
3 | To use Caido to intercept (and tamper with) your HTTP/S traffic, it is necessary to import and trust the CA Certificate of Caido in your browser.
4 |
5 | ## Importing the CA Certificate in Your Browser
6 |
7 | 1. After starting Caido on your machine, navigate to `localhost:8080` (or the port you've configured Caido to listen on) and log in.
8 |
9 |
10 |
11 | 2. Click on your account icon in the upper-rightmost corner of the Caido window.
12 | 3. Select the `CA Certificate` tab or navigate to [http://localhost:8080/#/settings/certificate](http://localhost:8080/#/settings/certificate).
13 |
14 |
15 |
16 | 4. Download the certificate and follow the import instructions provided within Caido. After you've successfully imported the certificate, your browser is now configured to proxy its traffic through Caido.
17 |
18 | ::: tip
19 | Make sure to select the import instructions specific to your browser of choice.
20 | :::
21 |
--------------------------------------------------------------------------------
/src/quickstart/beginner_guide/setup/file_upload.md:
--------------------------------------------------------------------------------
1 | # Uploading Files for Use in Automate
2 |
3 | _For advanced documentation on this topic - click [here](/reference/features/workspace/files.md)._
4 |
5 | `Automate` allows you to brute-force/fuzz designated elements of a request.
6 |
7 | - In order to utilize the [Hosted File Payload Type](/reference/features/testing/automate.md#payload-types) in `Automate` - you must first upload payload files/wordlists in the `Files` tab within Caido.
8 |
9 | ## Files
10 |
11 |
12 |
13 | 1. Select the `Files` tab from the left-hand menu within the Caido window.
14 | 2. Drag and drop the files you wish to upload into this box or click `Browse` to navigate/select the file within your device's file system.
15 | 3. Once you have selected a file, it will appear in this pane.
16 | 4. You can rename the file by clicking the `Edit` button, entering the desired name and then clicking `Save`. To remove a wordlist click on the `⋮` and select `Delete`.
17 |
18 | ## Automating Brute-Forcing/Fuzzing
19 |
20 | Once you have uploaded your desired files - return to Automate documentation here:
21 |
22 | - [Automating Brute-Forcing/Fuzzing](../first_steps_with_caido/automate.md)
23 |
--------------------------------------------------------------------------------
/src/reference/features/proxy/ws_history.md:
--------------------------------------------------------------------------------
1 | # WS History
2 |
3 | The `WS History` tab allows you to view data exchanged between the client and the server passing through the proxy over a WebSocket connection.
4 |
5 | This tab provides you with information such as when the connection was established, where the messages are being sent, the direction of the messages between the client and server, the length of the messages and the contents of each message exchanged.
6 |
7 | ## WS History Layout
8 |
9 | To familiarize yourself with the WS History interface, continue below:
10 |
11 |
12 |
13 | 1. Select the `WS History` tab from the left-hand menu within the Caido window.
14 | 2. All the proxied WebSocket streams will appear in this pane. Select any stream to inspect it.
15 | 3. Select a message within the selected stream in this pane.
16 | 4. The contents of the selected message are presented in this pane.
17 |
18 | ## Additional Information
19 |
20 | ::: tip TIPS
21 |
22 | - [Applying a Scope Preset](/reference/features/overview/scope.md) is supported by WS History.
23 | - Clicking the column names (_located at the top and spanning horizontally_) within the Streams pane will sort the requests by the selected column category. View the [Sorting by Properties](/reference/features/overview/sorting.md) documentation for more information.
24 |
25 | :::
26 |
--------------------------------------------------------------------------------
/src/reference/features/workspace/files.md:
--------------------------------------------------------------------------------
1 | # Files
2 |
3 | The `Files` tab allows users to upload files to the Caido Instance for future use in other features. This feature is particularly useful when you need to use the same file in different parts of the application.
4 |
5 | ::: info
6 | Currently, files uploaded in this page are only available for use in the Automate page.
7 | :::
8 |
9 | ## Uploading Files for Use in Automate
10 |
11 | `Automate` allows you to brute-force/fuzz designated elements of a request.
12 |
13 | - In order to utilize the [Hosted File Payload Type](/reference/features/testing/automate.md#payload-types) in Automate - you must first upload payload files/wordlists in the `Files` tab within Caido.
14 |
15 | ## Files
16 |
17 |
18 |
19 | 1. Select the `Files` tab from the left-hand menu within the Caido window.
20 | 2. Drag and drop the files you wish to upload into this box or click `Browse` to navigate/select the file within your device's file system.
21 | 3. Once you have selected a file, it will appear in this pane.
22 | 4. You can rename the file by clicking the `Edit` button, entering the desired name and then clicking `Save`. To remove a wordlist click on the `⋮` and select `Delete`.
23 |
24 | ## Automating Brute-Forcing/Fuzzing
25 |
26 | Once you have uploaded your desired files - return to Automate documentation here:
27 |
28 | - [Automate](/reference/features/testing/automate.md)
29 |
--------------------------------------------------------------------------------
/.vitepress/sidebars/guides.ts:
--------------------------------------------------------------------------------
1 | import { DefaultTheme } from "vitepress";
2 |
3 | export const guidesSidebar: DefaultTheme.SidebarItem[] = [
4 | {
5 | text: "Introduction",
6 | items: [
7 | {
8 | text: "Directory",
9 | link: "/guides/",
10 | },
11 | ],
12 | },
13 | {
14 | text: "User Guide",
15 | items: [
16 | {
17 | text: "Installation",
18 | link: "/guides/user_guide/installation",
19 | },
20 | {
21 | text: "Running on a VPS",
22 | link: "/guides/user_guide/vps",
23 | },
24 | {
25 | text: "Running in Docker",
26 | link: "/guides/user_guide/docker",
27 | },
28 | {
29 | text: "Proxying Local Traffic",
30 | link: "/guides/user_guide/proxy_local",
31 | },
32 | ],
33 | },
34 | {
35 | text: "Plugins",
36 | items: [
37 | {
38 | text: "Notebook",
39 | link: "/guides/plugins/notebook"
40 | },
41 | ],
42 | },
43 | {
44 | text: "Workflows",
45 | items: [
46 | {
47 | text: "JWT Decode",
48 | link: "/guides/workflows/jwt_decode",
49 | },
50 | {
51 | text: "Add Header & Resend Request",
52 | link: "/guides/workflows/add_header",
53 | },
54 | ],
55 | },
56 | {
57 | text: "Contributions",
58 | items: [
59 | {
60 | text: "Documentation",
61 | link: "/guides/contributions/documentation",
62 | },
63 | ],
64 | },
65 | ];
66 |
--------------------------------------------------------------------------------
/src/concepts/essentials/workflows.md:
--------------------------------------------------------------------------------
1 | # Workflows
2 |
3 | ## What are Workflows?
4 |
5 | _For advanced documentation on this topic - click [here](/reference/workflows/workflows.md)._
6 |
7 | **Workflows** provide an intuitive way to create, save and reuse customizable actions or sequences of actions that will be performed under certain specified conditions. With Workflows, you have the ability to extend the functionality of Caido to suit your individual needs.
8 |
9 | As Caido utilizes a client/server architecture, the Workflows you create are executed server-side - thereby offloading processing from the client, providing enhanced performance and allowing seamless usage across multiple devices.
10 |
11 | Workflows created by others can also be downloaded and imported into your Caido instance.
12 |
13 |
14 |
15 | _Example (pictured above): a Workflow that will take user-provided input, base64 encode it and then output the results._
16 |
17 | ## Workflow Types
18 |
19 | There are three main types of Workflows, each of which is applied differently:
20 |
21 | 1. `Passive Workflows` - will automatically trigger based on the specifications set when creating the Workflow.
22 | 2. `Active Workflows` - must be manually triggered.
23 | 3. `Convert Workflows` - will perform actions against supplied input.
24 |
25 | ## Nodes: The Building Blocks of Workflows
26 |
27 | In order to create a Workflow - Caido implements [Nodes](/concepts/essentials/workflows/nodes/nodes.md).
28 |
--------------------------------------------------------------------------------
/src/guides/user_guide/vps.md:
--------------------------------------------------------------------------------
1 | # Running on a VPS
2 |
3 | Caido is designed to be a flexible web application security testing tool, and one of its key features is the ability for users to host it anywhere, such as on a virtual private server (VPS).
4 |
5 | ::: info
6 | By default, Caido listens on the IP address 127.0.0.1 and port 8080. This is the recommended configuration as there is currently no built-in access control on the proxy portion of Caido. Listening on 127.0.0.1 limits access to the local machine only.
7 | :::
8 |
9 | ## Hosting Caido on a Linux-based VPS:
10 |
11 | 1. Once you have set up a VPS, you can install Caido on it by following the Linux installation guide found [here](/guides/user_guide/installation.md).
12 |
13 | 2. To access Caido from another machine or another network, you will need to create an SSH tunnel from your local machine to your VPS. This can be done by running the following command on your local machine:
14 |
15 | ```
16 | ssh -L
2 |
3 | Caido is available natively in [Athena OS](https://athenaos.org/) in the `Red Team Web Application Analysis` section.
4 | You can install either the [Desktop or CLI version](/concepts/essentials/cli_vs_desktop).
5 |
6 | - `Desktop`: `sudo pacman -S caido-desktop`
7 | - `CLI`: `sudo pacman -S caido-cli`
8 |
9 | Multiple [Athena Roles](https://athenaos.org/en/resources/athena-welcome/#cyber-security-roles) will install Caido for you:
10 |
11 | - 🐞 Bug Bounty Hunter 🐞
12 | - 🌐 Network Analyst 🌐
13 | - ❤️ Red Teamer ❤️
14 | - 🎓 Enthusiast Student 🎓
15 | - 🕸️ Web Pentester 🕸️
16 |
17 |
20 |
23 |
31 |
32 | ## Docker
33 |
34 | Caido is also available as a [Docker container](/guides/user_guide/docker) in the [Athena Cyber Hub](https://athenaos.org/en/resources/cyber-hub/).
35 | This allows you to easily spawn Caido completely isolated from the rest of the system.
36 |
37 |
38 |
--------------------------------------------------------------------------------
/src/concepts/index.md:
--------------------------------------------------------------------------------
1 | # Directory
2 |
3 | ## Essentials
4 |
5 | - **[CLI vs Desktop](./essentials/cli_vs_desktop.md)** - the differences between CLI and Desktop versions.
6 | - **[Instances](./essentials/instances.md)** - running/managing multiple Caido instances at once.
7 | - **[HTTPQL](./essentials/httpql.md)** - filtering requests and responses using HTTP Query Language.
8 | - **[Workflows](./essentials/workflows.md)** - automating input/output modifications.
9 | - **[Nodes](./essentials/workflows/nodes/nodes.md)** - the building blocks of Workflows.
10 | - **[JavaScript in Caido](./essentials/workflows/js_in_caido.md)** - using JavaScript.
11 | - **[Tabs](./essentials/tabs.md)** - managing/organizing your workspace using tabs in Replay and Automate.
12 | - **[Layout](./essentials/layout.md)** - customizing the user interface layout of Caido.
13 |
14 | ## Plugins
15 |
16 | - **[Plugin Basics](./plugins/plugin_basics.md)** - foundational knowledge on Plugins.
17 | - **[Plugin Tooling](./plugins/plugin_tooling.md)** - tools for the ease of Plugin development.
18 | - **[Plugin Frontend](./plugins/frontend.md)** - the frontend component.
19 | - **[Frontend SDK](./plugins/frontend_sdk.md)** - Frontend Software Development Kit.
20 | - **[Plugin Backend](./plugins/backend.md)** - the backend component.
21 | - **[Backend SDK](./plugins/backend_sdk.md)** - Backend Software Development Kit.
22 |
23 | ## Internals
24 |
25 | - **[Files: _Caido Generated_](./internals/files.md)** - inspecting the files that Caido generates.
26 | - **[Cloud](./internals/cloud.md)** - Cloud service information.
27 | - **[Authentication](./internals/authentication.md)** - authentication information.
28 |
--------------------------------------------------------------------------------
/src/quickstart/index.md:
--------------------------------------------------------------------------------
1 | # Welcome to the [Caido](https://caido.io) Documentation!
2 |
3 | ---
4 |
5 | Here you will find a wealth of information on how to use Caido to perform web application security testing.
6 |
7 | Explore our documentation to learn about the different features available as well as how to install and configure Caido.
8 |
9 |
10 |
11 | ## I am just starting!
12 |
13 | Great! Glad to have you on board! 🚀
14 |
15 | We suggest you start with the [Beginner's Guide](./beginner_guide/welcome_to_caido/onboarding.md) and [Tutorials](./showcase) to get familiar with the basics.
16 |
17 | If you are facing an issue, look into [Common Errors](/reference/common_errors), it might have a clue. Otherwise feel free to join our [Discord](https://links.caido.io/www-discord) and ask for help! 😊
18 |
19 | ## I know my way around!
20 |
21 | You might want to dig into more advanced features we offer like [HTTPQL](/concepts/essentials/httpql.md) and running Caido on remote [VPS](/guides/user_guide/vps.md).
22 |
23 | For everything else: view the [Documentation Directory](/reference/index.md).
24 |
25 | ## Want a quick peek at the future?
26 |
27 | ---
28 |
29 |
8 |
9 | 1. Select the `Findings` tab from the left-hand menu within the Caido window.
10 | 2. This pane lists all of your `Reporters`. A Reporter is the source that produces Findings. View the results of all Findings at once by selecting `All reporters`, or select a single Reporter to view its specific results.
11 | 3. All Findings or Reporter associated Findings (_depending on selection_) are listed within this pane.
12 | 4. The details of a selected Finding will be displayed in this pane.
13 | 5. These panes display the request and response pair associated with the selected Finding.
14 |
15 | ## Additional Information
16 |
17 | ::: info
18 | Findings are Project specific.
19 | :::
20 |
21 | ::: tip TIPS
22 |
23 | - Clicking the column names (_located at the top and spanning horizontally_) within the top request list pane will sort the requests by the selected column category. View the [Sorting by Properties](/reference/features/overview/sorting.md) documentation for more information.
24 | - Clicking the `{}` button will toggle the Pretty/Raw display option.
25 | - If you have installed the rendering engine - clicking the image icon located at the top-right corner of the response pane will present a visual representation of the response. View the [Basic Configuration](/quickstart/beginner_guide/setup/config.md) documentation for more information.
26 |
27 | :::
28 |
--------------------------------------------------------------------------------
/.vitepress/config.mts:
--------------------------------------------------------------------------------
1 | import { defineConfig } from 'vitepress'
2 |
3 | import { quickstartSidebar, referenceSidebar, guidesSidebar, conceptsSidebar } from './sidebars'
4 |
5 | // https://vitepress.dev/reference/site-config
6 | export default defineConfig({
7 | title: "Caido",
8 | titleTemplate: "Documentation",
9 | description: "Official Caido Documentation",
10 |
11 | srcDir: 'src',
12 | appearance: "force-dark",
13 | sitemap: {
14 | hostname: "https://docs.caido.io"
15 | },
16 |
17 | head: [
18 | ['link', { rel: 'icon', href: '/favicon.png' }],
19 | ["script", { "data-api": "/stats/event", src: "/stats/script.js", "defer":"", "data-domain":"docs.caido.io" }]
20 | ],
21 | ignoreDeadLinks: "localhostLinks",
22 |
23 | themeConfig: {
24 | logo: {
25 | src: '/logo.png',
26 | "no-shadow": true,
27 | },
28 |
29 | search: {
30 | provider: 'local',
31 | },
32 |
33 | nav: [
34 | { text: 'Quickstart', link: '/quickstart/' },
35 | { text: 'Guides', link: '/guides/' },
36 | { text: 'Reference', link: '/reference/' },
37 | { text: 'Concepts', link: '/concepts/' },
38 | { text: 'FAQ', link: '/faq' },
39 | { text: "Report a Bug", link: "/report_bug" }
40 | ],
41 |
42 | sidebar: {
43 | '/quickstart/': quickstartSidebar,
44 | '/reference/': referenceSidebar,
45 | '/guides/': guidesSidebar,
46 | '/concepts/': conceptsSidebar,
47 | },
48 |
49 | socialLinks: [
50 | { icon: 'discord', link: 'https://links.caido.io/discord' },
51 | { icon: 'twitter', link: 'https://twitter.com/caidoio' },
52 | { icon: 'github', link: 'https://github.com/caido/caido' },
53 | ]
54 | }
55 | })
56 |
--------------------------------------------------------------------------------
/src/reference/configuration/listening_address.md:
--------------------------------------------------------------------------------
1 | # Listening Address/Port
2 |
3 | Caido, by default, listens on the IP address `127.0.0.1` and port `8080`. This means that Caido will only be accessible from the same machine it is running on.
4 |
5 | However, you can change the listening address and port to suit your needs. There are two ways to change the listening address, depending on whether you are using the CLI or the desktop application.
6 |
7 | ::: warning
8 | Please note that if you change the listening address to something other than 127.0.0.1, Caido will be accessible from any machine on the network, so it is important to consider the security implications of doing so.
9 | :::
10 |
11 | ## Changing the Listening Address/Port: CLI
12 |
13 | When using the CLI, you can update the listening address by using the `-l` or `--listen` option followed by the desired address and port in the format `ADDR:PORT`.
14 |
15 | _Example: to listen on all available network interfaces on port 8000, use the following command:_
16 |
17 | ```
18 | caido -l 0.0.0.0:8000
19 | ```
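Added example, not part of the Caido documentation: a small POSIX shell script that ties the default-to-loopback advice in the VPS guide to the `-l ADDR:PORT` option above. It classifies a listen value as reachable only locally or exposed to the network, and audits a socket table in the layout of `ss -ltn` for the port Caido listens on, which is the check to run on a VPS after changing the address. The socket table is a constructed sample rather than captured output, and the function names `is_loopback`, `classify_listen` and `audit_sockets` are chosen for this example.

```shell
#!/bin/sh
# Added example, not part of the Caido documentation.
# Classifies a `caido -l ADDR:PORT` value as reachable only locally or
# exposed to the network, and audits a socket table (layout of `ss -ltn`)
# for the port Caido listens on. Function names are chosen for this example.

# is_loopback ADDR -> 0 when the address is only reachable from this machine
is_loopback() {
  case "$1" in
    127.*|localhost|::1|\[::1\]) return 0 ;;
    *) return 1 ;;
  esac
}

# classify_listen ADDR:PORT -> prints "local" or "exposed" ("invalid" if malformed)
classify_listen() {
  case "$1" in
    *:*) ;;
    *) echo "invalid"; return 2 ;;
  esac
  addr="${1%:*}"    # text before the last colon
  if is_loopback "$addr"; then
    echo "local"
  else
    echo "exposed"
  fi
}

# audit_sockets PORT -> reads `ss -ltn`-style lines on stdin and prints
# "ADDR:PORT local" or "ADDR:PORT exposed" for every listener on PORT
audit_sockets() {
  awk -v p="$1" '
    NR > 1 {
      n = split($4, parts, ":")
      addr = $4
      sub(":" parts[n] "$", "", addr)
      if (parts[n] == p) {
        if (addr ~ /^(127\.|\[::1\]$)/) print addr ":" p " local"
        else print addr ":" p " exposed"
      }
    }'
}

# Constructed sample in the layout of `ss -ltn`; not captured from a real host.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8080    0.0.0.0:*
LISTEN 0      128    0.0.0.0:8000      0.0.0.0:*
LISTEN 0      128    [::]:22           [::]:*'

classify_listen 127.0.0.1:8080                 # local (the default)
classify_listen 0.0.0.0:8000                   # exposed (the `caido -l 0.0.0.0:8000` example)
printf '%s\n' "$SAMPLE" | audit_sockets 8000   # 0.0.0.0:8000 exposed
```

On a real host, replace the constructed sample with `ss -ltn | audit_sockets 8080` (or whichever port you configured). An "exposed" result means the proxy, which has no built-in access control, is reachable by any machine that can route to the VPS; the VPS guide's SSH tunnel keeps the listener on loopback and still lets you reach it.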
20 |
21 | ## Changing the Listening Address/Port: Desktop Application
22 |
23 | Open the Connection Manager and proceed with the following steps:
24 |
25 |
26 |
27 | 1. Click on the `⋮` icon to the right of the Instance you want to apply a custom listening address to and select `Edit`.
28 |
29 |
30 |
31 | 2. Select the appropriate radio button. _If using a_ `Custom` _listening address - supply the address in the input field._
32 | 3. Supply the value of the desired listening port.
33 |
--------------------------------------------------------------------------------
/src/reference/features/workspace/backups.md:
--------------------------------------------------------------------------------
1 | # Backups
2 |
3 | `Backups` are self-contained files that contain all the data within a Project. Creating backups is a **Caido Pro** feature, but **all** plans can restore Backups. You can create Backups of your Projects at any time inside Caido.
4 |
5 | ::: tip
6 | Backups allow you to share your security audits with others - making sure you are on the same page when it comes to collaborative testing.
7 | :::
8 |
9 | ## Creating a Backup
10 |
11 |
20 |
21 | ## Downloading a Backup
22 |
23 | Once the Backup file creation is complete, it will be available in the `Backups` tab. If your Instance is remote, you can `Download` the Backup to your local machine. Otherwise, you can click on the `⋮` to get the path on disk if you wish to copy it directly.
24 |
25 |
26 |
27 | ## Restoring a Backup
28 |
29 | Restoring a Backup can be done in one of two ways:
30 |
31 | 1. Importing a `.caidobak` file by clicking the `Import` button and selecting the file.
32 |
33 |
34 |
35 | 2. Restoring an existing backup from the Backups tab within the Projects interface by clicking the `Restore` button.
36 |
37 |
38 |
39 | ::: tip
40 | Restoring always creates a new Project, which is why you also need to enter a unique name.
41 | :::
42 |
--------------------------------------------------------------------------------
/src/reference/features/logging/exports.md:
--------------------------------------------------------------------------------
1 | # Exports
2 |
3 | The `Exports` tab allows you to export data from the HTTP History and Search pages and use data collected by Caido in other tools.
4 |
5 | This feature can also be used for archival or audit purposes, which clients sometimes require.
6 |
7 | ## Export Types
8 |
9 | The Exports feature offers two export options:
10 |
11 |
12 |
13 | 1. **Export all**: Exports all data of the specified tool.
14 | 2. **Export current rows**: Exports only rows that match the filter and [Scope](/reference/features/overview/scope.md) currently set.
15 |
16 |
48 |
49 | From here you can download/rename/delete the Export.
50 |
--------------------------------------------------------------------------------
/src/quickstart/beginner_guide/setup/config.md:
--------------------------------------------------------------------------------
1 | # Basic Configuration
2 |
3 | _Advanced documentation on where Caido saves data, customizing the listening address/port used by Caido and importing Caido's CA certificate - can be found below:_
4 |
5 | - [Data Location](/reference/configuration/data_location.md)
6 | - [Listening Address/Port](/reference/configuration/listening_address.md)
7 | - [Importing Caido's CA Certificate](/reference/configuration/import_ca_certificate.md)
8 |
9 | ## Changing Default Settings
10 |
11 | In order to change Caido's default settings:
12 |
13 |
14 |
15 | 1. Click on your `account icon` in the upper-rightmost corner of the Caido window.
16 | 2. Select the `Settings` tab.
17 | 3. You will see the following five tabs: `General`, `Shortcuts`, `Network`, `Rendering` and `Developer`.
18 |
19 | ### General
20 |
21 | Change the font size of the user interface as well as the font size of requests/responses.
22 |
23 | ### Shortcuts
24 |
25 | Change the keybindings of functionality shortcuts.
26 |
27 | ### Network
28 |
29 | Configure an upstream proxy.
30 |
31 | ### Rendering
32 |
33 | Download a rendering engine in order to view a visual representation of a response.
34 |
35 | ### Developer
36 |
37 | Customize Caido by writing your own CSS/JavaScript.
38 |
39 | _For advanced documentation on customizing Caido with CSS - click [here](/reference/plugins/custom_css.md)._
40 |
41 | _For advanced documentation on customizing Caido with JavaScript - click [here](/reference/plugins/custom_js.md)._ `WORK IN PROGRESS`
42 |
43 | ## Creating Your First Project
44 |
45 | Once you have successfully configured Caido - steps on creating your first Project are available here:
46 |
47 | - [Creating Your First Project](../first_steps_with_caido/project.md)
48 |
--------------------------------------------------------------------------------
/.vitepress/sidebars/concepts.ts:
--------------------------------------------------------------------------------
1 | import { DefaultTheme } from "vitepress";
2 |
3 | export const conceptsSidebar: DefaultTheme.SidebarItem[] = [
4 | {
5 | text: "Introduction",
6 | items: [
7 | {
8 | text: "Directory",
9 | link: "/concepts/",
10 | },
11 | ],
12 | },
13 | {
14 | text: "Essentials",
15 | items: [
16 | {
17 | text: "CLI vs Desktop",
18 | link: "/concepts/essentials/cli_vs_desktop",
19 | },
20 | {
21 | text: "Instances",
22 | link: "/concepts/essentials/instances",
23 | },
24 | {
25 | text: "HTTPQL",
26 | link: "/concepts/essentials/httpql",
27 | },
28 | {
29 | text: "Workflows",
30 | link: "/concepts/essentials/workflows",
31 | items: [
32 | {
33 | text: "Nodes",
34 | link: "/concepts/essentials/workflows/nodes/nodes",
35 | },
36 | {
37 | text: "JavaScript in Caido",
38 | link: "/concepts/essentials/workflows/js_in_caido",
39 | },
40 | ],
41 | },
42 | {
43 | text: "Tabs",
44 | link: "/concepts/essentials/tabs",
45 | },
46 | {
47 | text: "Layout",
48 | link: "/concepts/essentials/layout",
49 | },
50 | ],
51 | },
52 | {
53 | text: "Internals",
54 | items: [
55 | {
56 | text: "Files",
57 | link: "/concepts/internals/files",
58 | },
59 | {
60 | text: "GraphQL",
61 | link: "/concepts/internals/graphql",
62 | },
63 | {
64 | text: "Cloud",
65 | link: "/concepts/internals/cloud",
66 | },
67 | {
68 | text: "Authentication",
69 | link: "/concepts/internals/authentication",
70 | },
71 | ],
72 | },
73 | ];
74 |
--------------------------------------------------------------------------------
/src/reference/configuration/data_location.md:
--------------------------------------------------------------------------------
1 | # Data Location
2 |
3 | All the data Caido creates is stored in a single folder. The default location of this folder is dependent on your OS:
4 |
5 | | OS | Location |
6 | | ------- | ------------------------------------------------ |
7 | | Linux | `~/.local/share/caido` |
8 | | MacOS | `~/Library/Application\ Support/io.caido.Caido/` |
9 | | Windows | `%APPDATA%\caido\Caido\data` |
10 |
11 | ::: tip
12 | The `log` directory will contain the log files used to view output from the Coding Nodes using the [SDK](/reference/workflows/sdk.md).
13 | :::
14 |
15 | ::: info
16 | Currently, it is **not possible** to create Caido Projects outside this folder. However, you can change the location of the whole folder if needed.
17 | :::
18 |
19 | ::: warning
20 | Make sure to copy your existing data to the new location before restarting your Instance.
21 | Otherwise it will restart as if you were on a new device.
22 | :::
23 |
24 | ## Changing the Default Location of the Data Folder: CLI
25 |
26 | For the CLI, use the `--data-path` option:
27 |
28 | ```
29 | caido --data-path /some/data/path
30 | ```
31 |
32 | ## Changing the Default Location of the Data Folder: Desktop Application
33 |
34 | Open the Connection Manager and proceed with the following steps:
35 |
36 |
37 |
38 | 1. Click on the `⋮` icon to the right of the Instance of which you want to change the location of the data folder and select `Edit`.
39 |
40 |
41 |
42 | 2. Click the `Advanced` drop down menu to expand it.
43 | 3. Select the `Data path` radio button.
44 | 4. Supply the value of the desired location.
45 |
--------------------------------------------------------------------------------
/src/guides/contributions/documentation.md:
--------------------------------------------------------------------------------
1 | # Documentation
2 |
3 | Our documentation is totally [open source](https://github.com/caido/documentation) and is there to help the community.
4 | We are doing our best to improve it, but we would gladly welcome your contributions.
5 | Don't hesitate to join our [Discord](https://links.caido.io/www-discord) if you need help.
6 |
7 | ## Requirements
8 |
9 | - [Git](https://git-scm.com/)
10 | - [mdBook](https://rust-lang.github.io/mdBook/)
11 | - [Github Account](https://github.com)
12 |
13 | ## Steps
14 |
15 | ### Prepare
16 |
17 | 1. (Optional) Open an issue on the [repository](https://github.com/caido/documentation) to let us know you are working on something.
18 | 2. [Fork the repository](https://docs.github.com/en/get-started/quickstart/fork-a-repo).
19 | 3. Clone your fork: `git clone https://github.com/[USERNAME]/documentation`.
20 | 4. Move into the directory: `cd documentation`.
21 | 5. Create a new branch: `git checkout -b [BRANCH NAME]`.
22 |
23 | You are now ready to edit files. 🚀
24 |
25 | ### Edits
26 |
27 | - Pages are primarily markdown files, but HTML can be used too.
28 | - **Always** link pages in the `SUMMARY.md` file otherwise they won't show up.
29 | - To render the website we suggest using: `mdbook serve`.
30 |
31 | ### Publish
32 |
33 | 1. Commit changes: `git add . && git commit -m "[WHAT IS MY COMMIT ABOUT]"`.
34 | 2. Push changes to your fork: `git push`.
35 | 3. Open a [pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) on the [Caido repository](https://github.com/caido/documentation).
36 | 4. A preview link will appear in a comment.
37 | 5. Sign the CLA using the link that will also appear in a comment.
38 |
39 | We will then check your pull request, make changes if necessary and merge it. It will then appear on the official documentation. 🎉
40 |
41 |
19 |
20 | ## Secrets Storage
21 |
22 | - **Client Secret**: Stored encrypted in the `secrets.db` database on the Instance disk.
23 | - **Instance Access Token**: Stored encrypted in the `secrets.db` database on the Instance disk.
24 | - **User Access & Refresh Tokens**: Stored in the browser `local storage` of the **user**. Never stored on the Instance, but can be present in memory.
25 |
--------------------------------------------------------------------------------
/src/concepts/essentials/cli_vs_desktop.md:
--------------------------------------------------------------------------------
1 | # CLI vs Desktop
2 |
3 | Caido comes in two variations: `Desktop` and `CLI`. We are aware that this is **confusing** to new users, which is why we made this Concept page.
4 |
5 | First, let's revisit the fact that Caido is built around a `client/server` architecture.
6 | This means that the **interface** is decoupled from the **proxying/processing**.
7 |
8 | ## CLI
9 |
10 | The **proxying/processing** part (aka the `server`) is what we call the `Caido CLI`. You can run the CLI pretty much everywhere (_such as on a VPS, a Container, a Cloud machine, etc._). It **doesn't** require a graphical desktop environment.
11 |
12 | It is the most versatile way of using Caido and it is generally recommended as a fallback if your platform doesn't support our Desktop application well.
13 | Advanced users will also find some start options only available in the `CLI`.
14 |
15 | When using the `CLI`, you will use your browser to access the **interface** part of Caido.
16 |
17 |
18 |
19 | ## Desktop
20 |
21 | The `Desktop` application offers you an all-in-one experience. When you use the Caido desktop, you are also usually using `Caido CLI` without realizing it. :exploding_head:
22 |
23 | When you click `start`, the application will spawn the `Caido CLI` in the background and then open a webview to the **interface** part of Caido. You can still use your browser to access the **interface**.
24 |
25 | The `Desktop` application has some advantages over the `CLI`:
26 |
27 | - You can record multiple Caido [Instances](/concepts/essentials/instances) in one place.
28 | - You can launch pre-configured browsers on your desktop.
29 |
30 |
31 |
32 | ## Conclusion
33 |
34 | There is no "right" choice here, we offer both since we know some people prefer a separate desktop interface and some prefer to use their browser.
35 |
36 | Both methods should allow you to enjoy Caido at its full potential!
37 |
38 |
39 |
--------------------------------------------------------------------------------
/.vitepress/theme/custom.css:
--------------------------------------------------------------------------------
1 | :root {
2 | --vp-c-brand-1: #daa04a;
3 | --vp-c-brand-2: #df3259;
4 | --vp-c-brand-3: #a0213e;
5 |
6 | --vp-button-brand-active-bg: var(--vp-c-brand-3);
7 |
8 | }
9 |
10 | @media (min-width: 1536px) {
11 | :root {
12 | --vp-layout-max-width: 1536px;
13 | }
14 |
15 | .VPDoc.has-aside .content-container {
16 | max-width: 1000px !important;
17 | }
18 | }
19 |
20 | @media (min-width: 1920px) {
21 | :root {
22 | --vp-layout-max-width: 1920px;
23 | }
24 |
25 | .VPDoc.has-aside .content-container {
26 | max-width: 1200px !important;
27 | }
28 | }
29 |
30 | img {
31 | -webkit-box-shadow: 2px 5px 15px 3px rgba(0, 0, 0, 0.74);
32 | box-shadow: 2px 5px 15px 3px rgba(0, 0, 0, 0.74);
33 | }
34 |
35 | img[no-shadow] {
36 | -webkit-box-shadow: none;
37 | box-shadow: none;
38 | }
39 |
40 | img[center] {
41 | display: block;
42 | margin-left: auto;
43 | margin-right: auto;
44 | }
45 |
46 | h1 {
47 | color: #daa04a;
48 | }
49 |
50 | h2 {
51 | color: #b49566;
52 | }
53 |
54 | h3 {
55 | color:#a38e7f;
56 | }
57 |
58 | h4 {
59 | color:#b67474;
60 | }
61 |
62 | .videos {
63 | display: grid;
64 | grid-template-columns: repeat(2, minmax(0, 1fr));
65 | gap: 3rem;
66 | padding: 0.5rem;
67 | }
68 |
69 | /* Media query for mobile view */
70 | @media (max-width: 600px) {
71 | .videos {
72 | grid-template-columns: 1fr; /* Single column layout */
73 | }
74 | }
75 |
76 | .video {
77 | min-height: 6rem;
78 | position: relative;
79 | padding-bottom: 56.25%; /* 16:9 aspect ratio */
80 | height: 0;
81 | overflow: hidden;
82 | }
83 |
84 | .video iframe {
85 | position: absolute;
86 | top: 0;
87 | left: 0;
88 | width: 100%;
89 | height: 100%;
90 | }
91 |
92 | .vignettes {
93 | display: grid;
94 | grid-template-columns: repeat(2, minmax(0, 1fr));
95 | gap: 3rem;
96 | padding: 0.5rem;
97 | }
98 |
99 | /* Media query for mobile view */
100 | @media (max-width: 600px) {
101 | .vignettes {
102 | grid-template-columns: 1fr;
103 | /* Single column layout */
104 | }
105 | }
106 |
--------------------------------------------------------------------------------
/src/guides/user_guide/proxy_local.md:
--------------------------------------------------------------------------------
1 | # Proxying Local Traffic
2 |
3 | When running a web page or web application locally, Caido may not be capturing the traffic due to what is known as **implicit bypass rules**. These rules match URLs whose host portion is either a localhost name or a link-local IP literal. If a match is detected - requests will not be routed through a proxy and are instead sent directly.
4 |
5 | Implicit bypass rules match against the following:
6 |
7 | - localhost
8 |
9 | - *.localhost [::1]
10 |
11 | - 127.0.0.1/8
12 |
13 | - 169.254/16
14 |
15 | - [FE80::]/10
16 |
17 | ## Resolutions
18 |
19 | If you are having issues proxying localhost traffic - try the following:
20 |
21 | #### Use lvh.me:
22 |
23 | This domain name resolves to 127.0.0.1.
24 |
25 | - [http://lvh.me/](http://lvh.me/)
26 |
27 | #### Edit the proxy bypass rules:
28 |
29 | By default, localhost may be included as a proxy bypass address within the list of hosts used by your system/browser/extension. This can be overridden by supplying `<-loopback>` (_the `-` character inverts the rule, removing the implicit loopback bypass_).
30 |
31 | - Launch Chrome via the terminal using:
32 |
33 | ```
34 | google-chrome --proxy-server=127.0.0.1:8080 --proxy-bypass-list="<-loopback>"
35 | ```
36 |
37 | ::: tip
38 | If you customized the listening address/port of Caido - replace the values in the command to match. Click [here](https://chromium.googlesource.com/chromium/src/+/HEAD/net/docs/proxy.md#Overriding-the-implicit-bypass-rules) for more information.
39 | :::
40 |
41 | - If you are using the FoxyProxy browser extension: select `Options` and add `<-loopback>` to the `Global Exclude` list.
42 | In general, this bypass list can be modified in the proxy settings of different systems/browsers/extensions by supplying `<-loopback>` to the hosts list. This input field is usually accompanied by a title or description containing terms such as: `except these addresses`, `no-proxy for`, `exclude`, etc.
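To see which local URLs the implicit rules above let slip past the proxy, and how a `<-loopback>` bypass entry changes that, here is an added Python model of both rule sets. It is example code, not part of Caido or of the Chromium documentation; it assumes Chromium's semantics and simplifies the bypass-list grammar to the two kinds of entry used on this page (`<-loopback>` and plain hostnames).

```python
import ipaddress
from urllib.parse import urlsplit

# The implicit bypass rules listed on this page, written out as full CIDR ranges
# (169.254/16 -> 169.254.0.0/16, [FE80::]/10 -> fe80::/10).
IMPLICIT_BYPASS_NETWORKS = (
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("fe80::/10"),
)


def is_implicitly_bypassed(url: str) -> bool:
    """True if the implicit rules send this URL directly instead of to the proxy."""
    host = urlsplit(url).hostname  # lower-cased, port and IPv6 brackets removed
    if host is None:
        return False
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name such as lvh.me is not matched literally, so it is proxied
        # even though it resolves to 127.0.0.1. That is why the page suggests it.
        return False
    return any(addr in net for net in IMPLICIT_BYPASS_NETWORKS)


def routed_via_proxy(url: str, bypass_list: tuple[str, ...] = ()) -> bool:
    """Decide whether a Chromium-style browser sends `url` to the configured proxy.

    Assumed simplification of the bypass-list grammar, covering only:
      - "<-loopback>": removes the implicit localhost/link-local rules
      - a plain hostname: bypassed when the URL host matches it exactly
    """
    host = urlsplit(url).hostname
    if host is None:
        return False
    explicit_hosts = {e.lower() for e in bypass_list if not e.startswith("<")}
    if host in explicit_hosts:
        return False
    if "<-loopback>" not in bypass_list and is_implicitly_bypassed(url):
        return False
    return True


def audit(urls, bypass_list=()):
    """Return the URLs that would silently skip the proxy under `bypass_list`."""
    return [u for u in urls if not routed_via_proxy(u, bypass_list)]


if __name__ == "__main__":
    # Constructed sample of URLs a tester might open with the browser proxy set to Caido.
    targets = [
        "http://localhost:3000/login",
        "http://app.localhost/api",
        "http://[::1]:8000/",
        "http://127.0.0.1:5000/admin",
        "http://169.254.10.20/",
        "http://lvh.me:3000/login",
        "https://example.com/",
    ]
    print("skipped with default rules:", audit(targets))
    print("skipped with <-loopback>:  ", audit(targets, ("<-loopback>",)))
```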
43 |
44 | #### Use the Firefox Browser:
45 |
46 | ::: info
47 | If proxying localhost traffic is not working in Firefox as well:
48 |
49 | - Navigate to `about:config`.
50 | - Set `network.proxy.allow_hijacking_localhost` to `true`.
51 | - Restart Firefox.
52 | :::
53 |
--------------------------------------------------------------------------------
/src/guides/user_guide/installation.md:
--------------------------------------------------------------------------------
1 | # Installation
2 |
3 | Caido is available as both a desktop application and a standalone command-line interface (CLI) binary, offering users the flexibility to choose the installation method that best suits their needs.
4 |
5 | You can download the installer package from your dashboard or from the releases page of our Github repository. The available installer package can differ based on your operating system, make sure to download the package that is compatible with your system.
6 |
7 | ## Installing Caido on Windows
8 |
9 | 1. Download the Caido installer package for Windows from the dashboard or Github repository.
10 | 2. Open the downloaded package and follow the prompts to install Caido on your system.
11 | 3. Once the installation is complete, you can launch Caido from the Start menu or by searching for it in the Windows search bar.
12 |
13 | ## Installing Caido on Linux
14 |
15 | 1. Download the Caido installer package for Linux from the dashboard or Github repository.
16 | 2. Open a terminal and navigate to the directory where the downloaded package is located.
17 | 3. Use the command `sudo dpkg -i
10 |
31 |
32 | ::: tip TIPS
33 |
34 | - [Applying a Scope Preset](/reference/features/overview/scope.md) is supported by Search.
35 | - [Applying a Filter Preset](/reference/features/overview/filters.md) is supported by Search.
36 | - Clicking the column names (_located at the top and spanning horizontally_) within the top request list pane will sort the requests by the selected column category. View the [Sorting by Properties](/reference/features/overview/sorting.md) documentation for more information.
37 | - Clicking the `{}` button will toggle the Pretty/Raw display option.
38 | - If you have installed the rendering engine - clicking the image icon located at the top-right corner of the response pane will present a visual representation of the response. View the [Basic Configuration](/quickstart/beginner_guide/setup/config.md) documentation for more information.
39 |
40 | :::
41 |
--------------------------------------------------------------------------------
/diagrams/data/Base64_Decode_Example.json:
--------------------------------------------------------------------------------
1 | {
2 | "description": "The example given in the Convert Workflows documentation section.",
3 | "edition": 2,
4 | "graph": {
5 | "edges": [
6 | {
7 | "source": {
8 | "exec_alias": "exec",
9 | "node_id": 0
10 | },
11 | "target": {
12 | "exec_alias": "exec",
13 | "node_id": 2
14 | }
15 | },
16 | {
17 | "source": {
18 | "exec_alias": "exec",
19 | "node_id": 2
20 | },
21 | "target": {
22 | "exec_alias": "exec",
23 | "node_id": 1
24 | }
25 | }
26 | ],
27 | "nodes": [
28 | {
29 | "alias": "convert_start",
30 | "definition_id": "caido/convert-start",
31 | "display": {
32 | "x": 0,
33 | "y": -80
34 | },
35 | "id": 0,
36 | "inputs": [],
37 | "name": "Convert Start",
38 | "version": "0.1.0"
39 | },
40 | {
41 | "alias": "convert_end",
42 | "definition_id": "caido/convert-end",
43 | "display": {
44 | "x": 0,
45 | "y": 100
46 | },
47 | "id": 1,
48 | "inputs": [
49 | {
50 | "alias": "data",
51 | "value": {
52 | "data": "$base64_d.data",
53 | "kind": "ref"
54 | }
55 | }
56 | ],
57 | "name": "Convert End",
58 | "version": "0.1.0"
59 | },
60 | {
61 | "alias": "base64_d",
62 | "definition_id": "caido/base64-decode",
63 | "display": {
64 | "x": 0,
65 | "y": 10
66 | },
67 | "id": 2,
68 | "inputs": [
69 | {
70 | "alias": "format",
71 | "value": {
72 | "data": "STANDARD",
73 | "kind": "string"
74 | }
75 | },
76 | {
77 | "alias": "data",
78 | "value": {
79 | "data": "",
80 | "kind": "bytes"
81 | }
82 | }
83 | ],
84 | "name": "Base64 D",
85 | "version": "0.2.0"
86 | }
87 | ]
88 | },
89 | "id": "5a6cd175-23b5-4b3b-a72a-ea5964804365",
90 | "kind": "convert",
91 | "name": "Base64 Decode Example"
92 | }
--------------------------------------------------------------------------------
/src/quickstart/beginner_guide/first_steps_with_caido/project.md:
--------------------------------------------------------------------------------
1 | # Creating Your First Project
2 |
3 | ## What are Projects?
4 |
5 | _For advanced documentation on this topic - click [here](/reference/features/workspace/projects.md)._
6 |
7 | Caido utilizes a client-server architecture model. An **Instance** of Caido is essentially an installation. Click [here](/concepts/essentials/instances.md) for more information on Instances.
8 |
9 | Think of `Projects` as separate directories for your audits. Projects allow you to stay organized when testing against multiple targets within the same Caido instance.
10 |
11 | ## Creating a New Project
12 |
13 |
14 |
15 | 1. Select the `Workspace` tab from the left-hand menu within the Caido window.
16 | 2. Ensure the `Projects` tab in the top-left area of the Caido window is selected.
17 | 3. Click on the red `+ Create a project` button in the top-right area of the Caido window. Name the Project - consider using a descriptive name of the context the Project will be utilized for (_such as the name of the client you are auditing, a specific bug bounty program, the name of the product, etc._). Once you have entered a name - click on the `Create` button.
18 | 4. Your new Project will now appear in the `Workspace` panel.
19 | 5. Clicking on `⋮` will present the following additional options:
20 |
21 | - **Rename**: Rename your Project.
22 | - **Copy path**: Copy the Project's data location on your device to your clipboard.
23 | - **Create backup (Caido Pro Feature)**: Create a Backup of the Project data.
24 | - **Delete**: Delete the Project from your Instance.
25 |
26 | ## Switching Between Projects
27 |
28 | Caido offers the ability to switch between your Projects with ease. Switching Projects can be accomplished in two different ways:
29 |
30 | 1. Selecting the `Workspace` tab from the left-hand menu within the Caido window and clicking the `Select` button next to the desired Project.
31 | 2. Selecting the desired Project in the drop-down menu, located in the upper-right corner of the Caido window.
32 |
33 | ## Capturing and Inspecting Web Traffic
34 |
35 | Once you have familiarized yourself with creating Projects - basic capture and inspection of web traffic steps are available here:
36 |
37 | - [Capturing and Inspecting Web Traffic](./traffic.md)
38 |
--------------------------------------------------------------------------------
/render.yaml:
--------------------------------------------------------------------------------
1 | services:
2 | - type: web
3 | name: documentation
4 | runtime: static
5 | repo: https://github.com/caido/documentation.git
6 | branch: main
7 | buildCommand: make build-release
8 | staticPublishPath: ./.vitepress/dist
9 | pullRequestPreviewsEnabled: true
10 | routes:
11 | - type: rewrite
12 | source: /stats/script.js
13 | destination: https://plausible.io/js/plausible.js
14 | - type: rewrite
15 | source: /stats/event
16 | destination: https://plausible.io/api/event
17 | # Pre-vitepress
18 | - type: redirect
19 | source: /configuration/default_listening_address
20 | destination: /configuration/listening_address
21 | - type: redirect
22 | source: /features/workflows/convert
23 | destination: /features/testing/workflows/convert
24 | - type: redirect
25 | source: /internals/httpql
26 | destination: /concepts/httpql
27 | - type: redirect
28 | source: /internals/instances
29 | destination: /concepts/instances
30 | # Specific
31 | - type: redirect
32 | source: /common_errors
33 | destination: /reference/common_errors
34 | - type: redirect
35 | source: /show_case/*
36 | destination: /quickstart/showcase
37 | - type: redirect
38 | source: /doc_directory
39 | destination: /
40 | # Generic
41 | - type: redirect
42 | source: /configuration/*
43 | destination: /reference/configuration/*
44 | - type: redirect
45 | source: /plugins/*
46 | destination: /reference/plugins/*
47 | - type: redirect
48 | source: /user_guide/*
49 | destination: /guides/user_guide/*
50 | - type: redirect
51 | source: /beginner_guide/*
52 | destination: /quickstart/beginner_guide/*
53 | - type: redirect
54 | source: /features/*
55 | destination: /reference/features/*
56 | - type: redirect
57 | source: /concepts/*
58 | destination: /concepts/essentials/*
59 | # Post-Vitepress
60 | - type: redirect
61 | source: /reference/features/testing/workflows/*
62 | destination: /reference/workflows/*
63 | domains:
64 | - docs.caido.io
65 | envVars:
66 | - key: SKIP_INSTALL_DEPS
67 | value: true
68 |
--------------------------------------------------------------------------------
/src/concepts/plugins/plugin_tooling.md:
--------------------------------------------------------------------------------
1 | # Tooling for Plugin Development
2 |
3 | While plugins can be developed with raw JavaScript - Caido offers **plugin starterkits**, preassembled packages that also provide tooling to assist in development.
4 |
5 | The frontend starterkit can be found [here](https://github.com/caido/starterkit-plugin-frontend).
6 |
7 | ## Package Management
8 |
9 | Caido utilizes the [Performant Node Package Manager (a.k.a. pnpm)](https://pnpm.io/) for plugin package management. There are several package managers to choose from (_npm, yarn, pnpm, etc._) - we chose pnpm. Plugins have no external dependencies; they are self-contained, with their JavaScript dependencies bundled into them.
10 |
11 | The files related to package management within the starterkit repository are:
12 |
13 | - `package.json`: This is the main configuration file for the package as a whole - it contains the project metadata and specifies the required dependencies to be used at runtime/build time. _View the [pnpm package.json](https://pnpm.io/package_json) documentation for more information._
14 | - `pnpm-lock.yaml`: This file ensures the same versions of dependencies are installed with every installation. _View the [pnpm-lock.yaml](https://pnpm.io/git#lockfiles) documentation for more information._
15 |
16 | ## TypeScript
17 |
18 | Externally, [TypeScript](https://docs.caido.io/concepts/essentials/workflows/js_in_caido.html#typing) is used by Caido for the starterkit package.
19 |
20 | The file related to TypeScript within the starterkit repository is:
21 |
22 | - `tsconfig.json`: This file provides instructions to the compiler when TypeScript is converted to JS. _View the [https://www.typescriptlang.org/docs/handbook/tsconfig-json.html](https://www.typescriptlang.org/docs/handbook/tsconfig-json.html) documentation for more information._
23 |
24 | ## Build Tool
25 |
26 | Once the package is developed, the code is processed by the [Vite](https://vitejs.dev/guide/) build tool. In general, a build tool automates the process of compiling, testing and packaging code into a deployable package - ensuring the plugin is ready for use and sharing.
27 |
28 | The file related to the Vite build tool within the starterkit repository is:
29 |
30 | - `vite.config.ts`: This file is a configuration file for customizing the build process. _View the [vite.config.js](https://v2.vitejs.dev/config/) documentation for more information._
31 |
--------------------------------------------------------------------------------
/src/concepts/internals/files.md:
--------------------------------------------------------------------------------
1 | # Files
2 |
3 | ## Caido Storage Folder
4 |
5 | All the data Caido creates is stored in a single folder.
6 | It can be moved to another computer, but you might encounter issues (we are working on Project export/import).
7 |
8 | | OS | Location |
9 | | ------- | ------------------------------------------------ |
10 | | Linux | `~/.local/share/caido` |
11 | | MacOS | `~/Library/Application\ Support/io.caido.Caido/` |
12 | | Windows | `%APPDATA%\caido\Caido\data` |
13 |
14 | ::: tip
15 | The `log` directory will contain the log files used to view output from the Coding Nodes using the [SDK](/reference/workflows/sdk.md).
16 | :::
17 |
18 | ## Folder Structure
19 |
20 | ::: warning
21 | We do not recommend modifying the files directly as this might result in problems in the application and/or corruption of data. Proceed at your own risk.
22 | :::
23 |
24 | Inside the storage folder you will see the following files:
25 |
26 | - `config.db`: Contains all the non-critical configurations of the Instance. Also contains the cached data from the cloud for offline support.
27 | - `secrets.db`: Contains all the sensitive configurations. Currently, it is AES encrypted with a static secret, but we plan to support a user-specified password in the future.
28 | - `projects.db`: Contains the metadata of the Projects and hosted files.
29 |
30 | ::: info
31 | Each one of those files is a sqlite3 database in `journal` mode. We usually use pretty recent sqlite3 versions, but we do not make any guarantees on exactly which.
32 | :::
33 |
34 | You can also see the following folders:
35 |
36 | - `files`: Those are the hosted files that you uploaded to your Instance.
37 | - `browsers`: The binary of the browser used for rendering.
38 | - `projects`: The data for each Project. Each sub-folder will be the UUID of the Project (structure detailed below).
39 |
40 | For each Project, you will see the following:
41 |
42 | - `database.caido`: The majority of the data of the Project is contained in that database.
43 | - `database_raw.caido`: Contains the raw data of the requests and responses, it is split for performance reasons.
44 | - `exports`: Folder containing the exported data.
45 |
46 | ::: info
47 | Each one of those files is a sqlite3 database in `wal` mode. Thus if you copy them, make sure to also copy the `-wal` files.
48 | :::
49 |
--------------------------------------------------------------------------------
/src/quickstart/beginner_guide/setup/install.md:
--------------------------------------------------------------------------------
1 | # Installation
2 |
3 | Caido is available as both a desktop application and a standalone command-line interface (CLI) binary, offering users the flexibility to choose the installation method that best suits their needs.
4 |
5 | You can download the installer package from your Dashboard or from the releases page of our Github repository. The available installer package can differ based on your operating system, make sure to download the package that is compatible with your system.
6 |
7 | ## Installing Caido on Windows
8 |
9 | 1. Download the Caido installer package for Windows from the dashboard or Github repository.
10 | 2. Open the downloaded package and follow the prompts to install Caido on your system.
11 | 3. Once the installation is complete, you can launch Caido from the Start menu or by searching for it in the Windows search bar.
12 |
13 | ## Installing Caido on Linux
14 |
15 | 1. Download the Caido installer package for Linux from the dashboard or Github repository.
16 | 2. Open a terminal and navigate to the directory where the downloaded package is located.
17 | 3. Use the command `sudo dpkg -i
11 |
12 | ## Authentication
13 |
14 | With a few exceptions, the GraphQL API requires authentication via a `Bearer` access token.
15 |
16 | ```http
17 | Authorization: Bearer
55 |
56 | ## Explorer
57 |
58 | The schema of Caido is quite large and so exploring it can be hard. For that purpose, we offer a GraphQL Explorer (based on [GraphQL Voyager](https://github.com/graphql-kit/graphql-voyager)).
59 |
60 | Open Graphql Explorer
61 |
62 |
63 |
--------------------------------------------------------------------------------
/src/guides/user_guide/docker.md:
--------------------------------------------------------------------------------
1 | # Running in Docker
2 |
3 | ## Running the Image
4 |
5 | We offer images on [Dockerhub](https://hub.docker.com/r/caido/caido) that you can run directly on `x86`:
6 |
7 | ```
8 | docker run --rm -p 7000:8080 caido/caido:latest
9 | ```
10 |
11 | This will start Caido on port 7000. You can then point your browser's proxy settings to `127.0.0.1:7000`.
12 |
13 | To use another port, replace `7000` in the command above with a different port.
14 |
15 | ::: info
16 | For M1 users, it is now possible to enable [Rosetta](https://docs.docker.com/desktop/settings/mac/#use-rosetta-for-x86amd64-emulation-on-apple-silicon) in the Docker settings. You can then run images with `--platform linux/amd64`.
17 | :::
18 |
19 | ## Project Persistence
20 |
21 | By default, Projects created in the Docker container are not saved between `docker run` commands.
22 |
23 | We recommend mounting a volume to keep your data on your file system and to avoid losing data between Caido updates.
24 |
25 | This is done by appending the `-v` parameter to the `docker run` command using the format `-v
14 |
15 | ## Desktop Application
16 |
17 | When you use the `Desktop Application`, you will see by default a `Local Instance`. This means that you will spawn a `Caido CLI` process locally on the given port and with the default [data path](/reference/configuration/data_location.md).
18 |
19 |
20 |
21 | ### Local
22 |
23 | You can add Instances with the `New instance` button, those can be other `Local` Instances if you want to use another [data path](/reference/configuration/data_location.md) or port.
24 |
25 |
26 |
27 | ### Remote
28 |
29 | They can also be `Remote` Instances if you just want to connect to an existing `Caido CLI` running somewhere else.
30 |
31 |
32 |
33 | ## Dashboard
34 |
35 | To manage your Instances, you can head over to the [Dashboard](https://dashboard.caido.io/instances).
36 |
37 | ::: warning
38 | If you delete an Instance and try to log-in again, you will see the error ["Login URL generation failed"](/reference/common_errors.md#login-url-generation-failed). You will need to reset the credentials.
39 | :::
40 |
41 |
42 |
--------------------------------------------------------------------------------
/src/faq.md:
--------------------------------------------------------------------------------
1 | # FAQ
2 |
3 | ## Is Caido free?
4 |
5 | Caido has a free `Basic` plan. We also offer a `Pro` plan which includes additional advanced features. By purchasing the `Pro` plan, you will be supporting the development and maintenance of the tool.
6 |
7 | Additionally, we offer a `Team` plan for organizations that need premium support and/or custom feature implementation.
8 |
9 | ::: info
10 | You can check our [website](https://caido.io) to stay informed about the new features that will be added in the future.
11 | :::
12 |
13 | ## Is Caido open source?
14 |
15 | Caido is not currently open source, but we have plans to offer an API for open source plugin development. We also employ standard open formats whenever possible.
16 |
17 | ## On how many devices can I install Caido?
18 |
19 | At this time, Caido can be installed on an unlimited number of devices. You are welcome to install Caido on as many devices as you like.
20 |
21 | ## What data do you collect?
22 |
23 | When you register for Caido, we collect your name and email address, as well as information about your user agent.
24 |
25 | When you use Caido, we collect interaction data between your Instances and our cloud services. This includes the IP address of the Instance and API call actions/timestamps.
26 |
27 | We do not collect any data stored on your Instances nor interactions within the Caido application.
28 |
29 | ## Where can I ask for support and/or feature requests?
30 |
31 | You can ask for support and submit feature requests through our public Discord or Github repository. Both are great places to share feedback and help improve Caido.
32 |
33 | ## What is the difference between Caido CLI and Caido Desktop?
34 |
35 | The Caido CLI is a self-contained binary that launches the Caido proxy (also called an Instance). You can run it on remote servers or locally and access the Instance using your browser. Caido Desktop acts as a connection manager for your Instances and can also launch the Caido proxy in the background. It uses webviews to access the Instance instead of the browser.
36 |
37 | ::: warning
38 | At the moment, Caido Desktop is considered experimental and does not perform as well as the browser on Linux.
39 | :::
40 |
41 | ## I've encountered an error, what do I do?
42 |
43 | There are 3 options available:
44 |
45 | - Go check out the [Common Errors](/reference/common_errors.md) page.
46 | - Join the Discord.
47 | - Raise an issue on [Github](https://github.com/caido/caido) if it's a bug.
48 |
--------------------------------------------------------------------------------
/.vitepress/sidebars/quickstart.ts:
--------------------------------------------------------------------------------
1 | import { DefaultTheme } from "vitepress";
2 |
3 | export const quickstartSidebar: DefaultTheme.SidebarItem[] = [
4 | {
5 | text: "Welcome",
6 | items: [
7 | {
8 | text: "Introduction",
9 | link: "/quickstart/",
10 | },
11 | { text: "Showcase", link: "/quickstart/showcase" },
12 | ],
13 | },
14 | {
15 | text: "Beginner Guide",
16 | items: [
17 | {
18 | text: "Welcome to Caido",
19 | items: [
20 | {
21 | text: "Onboarding",
22 | link: "/quickstart/beginner_guide/welcome_to_caido/onboarding",
23 | },
24 | ],
25 | },
26 | {
27 | text: "Setup",
28 | items: [
29 | {
30 | text: "Downloading and Installing",
31 | link: "/quickstart/beginner_guide/setup/install",
32 | },
33 | {
34 | text: "Basic Configuration",
35 | link: "/quickstart/beginner_guide/setup/config",
36 | },
37 | {
38 | text: "Uploading Files for Use in Automate",
39 | link: "/quickstart/beginner_guide/setup/file_upload",
40 | },
41 | ],
42 | },
43 | {
44 | text: "First Steps with Caido",
45 | items: [
46 | {
47 | text: "Creating Your First Project",
48 | link: "/quickstart/beginner_guide/first_steps_with_caido/project",
49 | },
50 | {
51 | text: "Capturing and Inspecting Traffic",
52 | link: "/quickstart/beginner_guide/first_steps_with_caido/traffic",
53 | },
54 | {
55 | text: "Forwarding and Modifying Requests Repeatedly",
56 | link: "/quickstart/beginner_guide/first_steps_with_caido/replay",
57 | },
58 | {
59 | text: "Automating Brute-Forcing/Fuzzing",
60 | link: "/quickstart/beginner_guide/first_steps_with_caido/automate",
61 | },
62 | ],
63 | },
64 | {
65 | text: "Support",
66 | items: [
67 | {
68 | text: "Common Errors and Solutions",
69 | link: "/quickstart/beginner_guide/getting_help/support",
70 | },
71 | ],
72 | },
73 | ],
74 | },
75 | {
76 | text: "Distributions",
77 | link: "/quickstart/distributions",
78 | items: [
79 | {
80 | text: "Linux",
81 | items: [
82 | {
83 | text: "Athena OS",
84 | link: "/quickstart/distributions/linux/athena_os",
85 | },
86 | ],
87 | },
88 | ],
89 | },
90 | ];
91 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
3 |
4 |
8 |
9 | ## Themes
10 |
11 | One of the simplest changes you can make is to customize the default theme. You can do this by adjusting the CSS variables we've provided to your liking.
12 |
13 | ::: tip
14 | Some sections of Caido are not yet configurable with CSS variables. Depending on your use case, you might have to add CSS to existing classes directly.
15 | :::
16 |
17 | Here is an (incomplete) example of a CSS snippet for the solarized dark theme. You can paste this into the Custom CSS field to try it out.
18 |
19 | ```css
20 | :root {
21 | /* === Background === */
22 | /* Background: Foundations */
23 | --c-bg-default: #002b36;
24 | --c-bg-subtle: #073642;
25 | --c-bg-inset: #586e75;
26 |
27 | /* Background: Roles */
28 | --c-bg-primary: #dc322f;
29 | --c-bg-primary--pressed: var(--c-red-700);
30 | --c-bg-secondary: #b58900;
31 | --c-bg-secondary--pressed: var(--c-yellow-400);
32 | --c-bg-tertiary: var(--c-gray-400);
33 | --c-bg-tertiary--pressed: var(--c-gray-500);
34 | --c-bg-danger: var(--c-red-300);
35 | --c-bg-danger--pressed: var(--c-red-400);
36 | --c-bg-info: var(--c-blue-100);
37 | --c-bg-success: var(--c-green-400);
38 | --c-bg-success--pressed: var(--c-green-500);
39 |
40 | /* === Foreground === */
41 | /* Foreground: Foundations */
42 | --c-fg-default: var(--c-white-100);
43 | --c-fg-subtle: var(--c-gray-400);
44 | --c-fg-onEmphasis: var(--c-gray-900);
45 |
46 | /* Foreground: Roles */
47 | --c-fg-primary: var(--c-red-600);
48 | --c-fg-primary--pressed: var(--c-red-700);
49 | --c-fg-secondary: #b58900;
50 | --c-fg-secondary--pressed: var(--c-yellow-400);
51 | --c-fg-tertiary: var(--c-gray-400);
52 | --c-fg-tertiary--pressed: var(--c-gray-500);
53 | --c-fg-danger: var(--c-red-300);
54 | --c-fg-danger--pressed: var(--c-red-400);
55 | --c-fg-info: var(--c-blue-100);
56 | --c-fg-success: var(--c-green-400);
57 | --c-fg-success--pressed: var(--c-green-500);
58 |
59 | /* === Border === */
60 | /* Border: Foundations */
61 | --c-border-default: var(--c-gray-600);
62 |
63 | /* Border: Roles */
64 | --c-border-primary: var(--c-red-600);
65 | --c-border-secondary: #b58900;
66 | --c-border-tertiary: var(--c-gray-400);
67 | --c-border-danger: var(--c-red-300);
68 | --c-border-info: var(--c-blue-100);
69 | --c-border-success: var(--c-green-400);
70 | }
71 | ```
72 |
--------------------------------------------------------------------------------
/src/report_bug.md:
--------------------------------------------------------------------------------
1 | # Reporting a Bug
2 |
3 | Found a bug in Caido or need help debugging? You are at the right place!
4 |
5 | ::: tip
6 | We need a few items in order to be able to reproduce bugs and help you.
7 | :::
8 |
9 | ## 1. Backend Logs
10 |
11 | Caido uses a [client/server architecture](/concepts/essentials/instances.md), which means that we need logs from two places.
12 |
13 | The first place to look for logs is your [data folder](/reference/configuration/data_location.md), where you should see a `logs` folder.
14 |
15 |
16 |
17 | ## 2. Frontend Logs
18 |
19 | The second place to look for logs is in your browser's console included in your [browser developer tools](https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Tools_and_setup/What_are_browser_developer_tools).
20 |
21 | You can open the console by pressing `F12` or right-clicking within the browser and selecting `Inspect Element`.
22 |
23 |
24 |
25 | ## 3. Steps to Reproduce
26 |
27 | For us to be able to help you, we need to be able to reproduce the bug on our side.
28 |
29 | Thus, it is **critical** that you give us **as many details as possible** on the various steps you took leading to the bug.
30 |
31 | ::: tip
32 | A good example of steps would be:
33 |
34 | 1. In `Intercept`, click on `Response`.
35 | 2. Start `Queuing`.
36 | 3. In a terminal, execute `curl -x 127.0.0.1:8080 https://example.com`.
37 | 4. Modify response status code.
38 | 5. Click `Forward`.
39 | 6. Confirm in terminal that the response was not modified.
40 | :::
41 |
42 | ## 4. Operating System & Version
43 |
44 | Many Caido bugs depend on the OS and sometimes even on the version of that OS.
45 | When reporting a bug, please make sure to include this information.
46 |
47 | ::: tip
48 | A good example would be:
49 |
50 | - **OS:** Mac OS
51 | - **OS Version:** 12 (Monterey)
52 | - **Caido Client:** Caido Desktop
53 | - **Caido Version:** 0.33.0
54 | :::
55 |
56 | ## 5. Github Issues
57 |
58 | The last step is to [open an issue](https://github.com/caido/caido/issues/new?assignees=&labels=&projects=&template=bug.md&title=) on our Github Tracker.
59 |
60 | Thanks a lot for the help! You rock! 🤘
61 |
62 | ::: warning
63 | If your steps to reproduce contain sensitive information, please continue reading.
64 | :::
65 |
66 | ## 6. (Optional) Discord Channel
67 |
68 | We prefer that the reproduction only contain public data, but we understand that this is not always possible.
69 |
70 | If your data is sensitive, please do contact us on [Discord](https://links.caido.io/www-discord).
71 |
72 | We will create a private channel for you and you will be able to provide that data to us in a secure manner.
73 |
--------------------------------------------------------------------------------
/src/reference/features/overview/filters.md:
--------------------------------------------------------------------------------
1 | # Filters
2 |
3 | **Filter Presets**, created via the `Filters` tab, allow you to fine-tune which proxied resources/objects are displayed or excluded. Their `Expressions` use the HTTPQL query syntax, so these custom filtering rules reduce the time it takes to find the specific request you are looking for.
4 |
5 | Caido's Filter Preset feature makes it easy to evaluate a large amount of data as you delve into your testing engagement.
6 |
7 | ::: info
8 | View the [HTTPQL](/concepts/essentials/httpql.md) documentation for more information on query syntax.
9 | :::
10 |
11 | ## Filter Preset Rules
12 |
13 | ::: info
14 | Filter Presets are referenced by their `Names` and `Aliases`.
15 | :::
16 |
17 | - Aliases can **only** contain lowercase letters (`a-z`), numbers (`0-9`) and the symbols (`-` and `_`).
18 | - Names and Aliases **must** be unique across all Presets for referencing purposes.
19 | - The Expression or Expressions **cannot** reference other Presets.
20 |
21 | ## Creating a New Filter Preset
22 |
23 |
24 |
25 | ::: info
26 | In this example - the Filter Preset created will display requests that include the **/about** path when applied.
27 | :::
28 |
29 | 1. Select the `Filters` tab from the left-hand menu within the Caido window.
30 | 2. This pane displays all saved Filters. To create a new Filter - click on the `+ New Preset` button.
31 | 3. Provide a `Name` and an `Alias` for your new Preset. In the `Expression` field - supply one or more [HTTPQL](/concepts/essentials/httpql.md) queries. Click `Save` once the Filter is defined to your liking. Clicking `Delete` will remove the associated Filter Preset from the current Caido Project.
32 |
33 | ## Using a Filter Preset
34 |
35 | Currently, the tabs that support Filter Preset selection are **HTTP History** and **Search**.
36 |
37 |
38 |
39 | 1. Click the `Advanced` button located to the right of the `Enter an HTTPQL query...` input field.
40 | 2. In the `Advanced options` side menu that is presented - select/deselect the Filter Presets you want to apply.
41 | 3. As the example Filter Preset created is reliant on the presence of the **/about** path - you can confirm it is working properly based on the Path filter category of the displayed requests.
42 |
43 | ## Additional Information
44 |
45 | ::: info
46 |
47 | - You can create as many Filter Presets as you want.
48 | - Filter Presets are specific to the Project they are created in.
49 |
50 | :::
51 |
52 | ::: tip
53 |
54 | - Caido provides default Presets for each new Project, but you can modify or update them if you wish to.
55 | - Expression shortcut syntax: `"Value"` is equal to `(req.raw.cont:"Value" OR resp.raw.cont:"Value")` - insert an arbitrary value within the double quotes.
56 |
57 | :::
58 |
--------------------------------------------------------------------------------
/src/quickstart/beginner_guide/first_steps_with_caido/replay.md:
--------------------------------------------------------------------------------
1 | # Forwarding and Modifying Requests Repeatedly
2 |
3 | ## Replay
4 |
5 | _For advanced documentation on this topic - click [here](/reference/features/testing/replay.md)._
6 |
7 | `Replay` allows you to repeatedly forward modified requests. **Requests** are shown on the left and **responses** are shown on the right.
8 |
9 | ::: tip
10 | To send a request to `Replay`, either right-click inside the request pane of `Intercept` or `HTTP History` or focus the request pane and use `CTRL+R`.
11 | :::
12 |
13 |
14 |
15 | 1. Select the `Replay` tab from the left-hand menu within the Caido window.
16 | 2. These numerically named tabs are the requests that have been sent to `Replay` in the order they were sent. To select a request, simply click on the desired tab. _You can arbitrarily rename a tab by right-clicking it and selecting `Rename`_.
17 | 3. Click the `Send` button to forward the request. Clicking `<` or `>` will sort through the forwarding history of the currently loaded request (_in Caido, the historical recording of forwarded requests is known as a **Session**_).
18 | 4. Make any desired modifications to the request in this pane.
19 | 5. Once a request has been forwarded - this pane presents the associated response.
20 | 6. This is the resulting list of options presented after right-clicking within the request pane.
21 |
22 | ## Replay Collections and Sessions
23 |
24 | With Caido, requests are easily organized with the use of **Sessions** and **Collections**.
25 |
26 | - **Sessions**: Every time you edit and forward a request within `Replay` - the history of these forwards is recorded into a **Session**.
27 | - **Collections**: You can group Sessions into **Collections** which allows you to organize your requests by shared traits.
28 |
29 |
30 |
31 | 1. The request Sessions.
32 | 2. The Collection. You can view the list of associated Sessions by clicking `>` to the left of the Collection. To collapse the list, click the `∨`.
33 | 3. The request currently in the pane/the total number of recorded requests.
34 | 4. Clicking the `New Session` button will present an empty request template. Create a new request manually or enter a URL into the `Enter a connection URL` input box and Caido will automatically generate a valid basic request.
35 | 5. Clicking the drop-down arrow of the `New Session` button will present the option to create a new Collection. Click `New Collection` to proceed with this option.
36 |
37 | ::: tip
38 | To move Sessions between Collections - click, hold and drag the target Session and release on top of the target Collection.
39 | :::
40 |
41 | ## Automating Brute-Forcing/Fuzzing
42 |
43 | Once you have familiarized yourself with Replay - the steps to automate request forwarding are available here:
44 |
45 | - [Automating Brute-Forcing/Fuzzing](./automate.md)
46 |
--------------------------------------------------------------------------------
/src/reference/features/overview/scope.md:
--------------------------------------------------------------------------------
1 | # Scopes
2 |
3 | Scopes are defined through the creation of **Scope Presets** within the `Scopes` tab interface. Your **Scope Presets** will match requests throughout the application by using a supplied list of `Hosts` that are designated either `In Scope` or `Out of Scope`. Scoping improves the efficiency of your testing process by quickly filtering the display of targets that are relevant/irrelevant to your engagement.
4 |
5 | Caido offers the ability to switch between your Scope Presets with ease throughout the application.
6 |
7 | ## Scope Preset Rules
8 |
9 | - Hosts can **only** contain lowercase letters (`a-z`), numbers (`0-9`) and some symbols (`-`, `_`, `*`, `?`).
10 | - Hosts can include [Glob Wildcards](https://en.wikipedia.org/wiki/Glob_(programming)) (`*` and `?`) to support multiple subdomains (`*.example.com`) and TLDs (`*example*`).
11 | - Hosts can be `In Scope` acting as an **allow list** or `Out of Scope` acting as a **deny list**.
12 |
13 | ::: warning NOTE
14 | Scope Presets currently only support domains, **not paths**.
15 |
16 | View the submitted [Github Issue](https://github.com/caido/caido/issues/642) for more information and to cast your vote to prioritize the implementation of paths within scoping rules.
17 | :::
18 |
19 | ## Creating a New Scope Preset
20 |
21 |
22 |
23 | ::: info
24 | In this example - the Scope Preset created will record any traffic to/from **caido.io** and **example.com** as well as any subdomains with the exception of **docs.caido.io** as it is listed Out of Scope.
25 | :::
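As an added example (not Caido's own code) of how the rules above combine with the preset described in this example, here is a small TypeScript model of Scope Preset host matching. It assumes `*`/`?` glob semantics, that `.` is permitted in a host pattern (the documented examples contain it), and that an Out of Scope (deny list) match takes precedence over an In Scope (allow list) match.

```typescript
// Added example, not Caido's own code: models how a Scope Preset classifies
// hosts. Assumptions: `*` matches any run of characters, `?` exactly one
// character, `.` is allowed in a host pattern, and an Out of Scope (deny
// list) match wins over an In Scope (allow list) match.

interface ScopePreset {
  name: string;
  inScope: string[]; // allow list of glob patterns
  outOfScope: string[]; // deny list of glob patterns
}

// Lowercase letters, digits, `-`, `_`, `*`, `?` (per the rules) plus `.`.
const HOST_PATTERN_RULE = /^[a-z0-9\-_*?.]+$/;

function assertValidHostPattern(pattern: string): void {
  if (!HOST_PATTERN_RULE.test(pattern)) {
    throw new Error(`invalid scope host pattern: ${JSON.stringify(pattern)}`);
  }
}

// Translate a glob host pattern into an anchored regular expression.
function globToRegExp(pattern: string): RegExp {
  assertValidHostPattern(pattern);
  let source = "^";
  for (const ch of pattern.split("")) {
    if (ch === "*") {
      source += ".*";
    } else if (ch === "?") {
      source += ".";
    } else {
      source += ch.replace(/[.\\+^$()|[\]{}]/g, "\\$&");
    }
  }
  return new RegExp(source + "$");
}

// Build a preset, validating every pattern up front so a typo is caught
// when the preset is saved rather than when traffic is matched.
function makePreset(name: string, inScope: string[], outOfScope: string[]): ScopePreset {
  [...inScope, ...outOfScope].forEach(assertValidHostPattern);
  return { name, inScope, outOfScope };
}

// Decide whether a host is in scope for a preset.
function isInScope(preset: ScopePreset, host: string): boolean {
  const h = host.toLowerCase();
  // Deny list first: any Out of Scope match excludes the host outright.
  if (preset.outOfScope.some((p) => globToRegExp(p).test(h))) {
    return false;
  }
  // Assumption: a preset with no In Scope entries allows everything not denied.
  if (preset.inScope.length === 0) {
    return true;
  }
  return preset.inScope.some((p) => globToRegExp(p).test(h));
}

// Partition a list of observed hosts (e.g. from HTTP History) by the preset.
function classifyHosts(
  preset: ScopePreset,
  hosts: string[],
): { inScope: string[]; outOfScope: string[] } {
  const result = { inScope: [] as string[], outOfScope: [] as string[] };
  for (const host of hosts) {
    (isInScope(preset, host) ? result.inScope : result.outOfScope).push(host);
  }
  return result;
}

// The preset from the docs example: caido.io and example.com plus all
// subdomains, with docs.caido.io listed Out of Scope.
const docsExamplePreset: ScopePreset = makePreset(
  "docs-example",
  ["caido.io", "*.caido.io", "example.com", "*.example.com"],
  ["docs.caido.io"],
);

// Constructed sample hosts, as they might appear in HTTP History.
const sampleHosts: string[] = [
  "caido.io",
  "app.caido.io",
  "docs.caido.io",
  "example.com",
  "api.example.com",
  "evil-example.com",
  "notcaido.io",
];

console.log(classifyHosts(docsExamplePreset, sampleHosts));
```

Note that `evil-example.com` is not matched by `*.example.com`, because the pattern requires a literal dot before `example.com`; a suffix check without that dot would be the usual mistake when hand-rolling such matching.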
26 |
27 | 1. Select the `Scope` tab from the left-hand menu within the Caido window.
28 | 2. This pane displays all saved Scopes. To create a new Scope - click on the `+ New Preset` button.
29 | 3. Name your Scope Preset and enter the rules of the Scope in this pane. Click `Save` once the Scope is defined to your liking. Clicking `Delete` will remove the associated Scope Preset from the current Caido Project.
30 |
31 | ## Applying a Scope Preset
32 |
33 | Currently, the tabs that support Scope selection are **Sitemap**, **Intercept**, **HTTP History**, **WS History** and **Search**.
34 |
35 |
36 |
37 | 1. Click the Scope dropdown menu.
38 | 2. You will be presented with a list of your saved Scope Presets. Select one to apply it.
39 |
40 | ## Additional Information
41 |
42 | ::: info
43 |
44 | - You can create as many Scope Presets as you want.
45 | - Scope Presets are specific to the Project they are created in.
46 | - Adding or removing a Preset can be **slow** if you have a big Project since Caido will re-index your data on each change.
47 | - In Caido, Scopes are **NOT** global. Each tool and _(eventually)_ each view can have a different Scope.
48 |
49 | :::
50 |
51 | ::: tip
52 | Selecting `Unset Scope` acts as an absence of any scoping. All proxied traffic will be displayed.
53 | :::
54 |
--------------------------------------------------------------------------------
/src/reference/features/proxy/intercept.md:
--------------------------------------------------------------------------------
1 | # Intercept
2 |
3 | The `Intercept` tab allows you to manually control the flow of proxied traffic between your client and the server. With the ability to pause and resume the flow - you can gain a clear understanding of what is occurring.
4 |
5 | When forwarding is paused, Caido will list all of the requests and responses awaiting forwarding in a queue list. Select any request or response within this list to view its contents. From here - you can make modifications, transfer the request to another Caido feature, forward the request/response or drop the request/response completely.
6 |
7 | Modifications to requests and responses can be made directly within their Intercept panes as they are captured.
8 |
9 | ## Intercept Layout
10 |
11 | To familiarize yourself with the Intercept interface, continue below:
12 |
13 |
14 |
15 | 1. Select the `Intercept` tab from the left-hand menu within the Caido window.
16 | 2. Clicking this button will toggle between `Queuing` (_intercept traffic_) and `Forwarding` (_forward traffic_).
17 | 3. Click `Requests`, `Responses` or **both** to specify what `Queuing` is applied to. _**Intercept on** is signified by `||` and **intercept off** is signified by `>>`._
18 | 4. This pane lists all the queued **requests**. Select one from the list by clicking on it to view its contents.
19 | 5. The contents of the currently queued/selected **request** will be displayed in this pane.
20 | 6. The `Drop` and `Forward` buttons will drop or forward **requests**/**responses** respectively.
21 |
22 |
23 |
24 | 7. This pane will list all the queued **responses**. Select one from the list by clicking on it to view its contents.
25 | 8. The contents of the currently queued/selected **response** will be displayed in this pane.
26 |
27 | ## Additional Information
28 |
29 | ::: info
30 |
31 | - The number highlighted in red within the Intercept tab represents the number of queued requests and responses.
32 | - All queued traffic will be forwarded when toggling from Queuing back to Forwarding.
33 |
34 | :::
35 |
36 | ::: tip TIPS
37 |
38 | - [Applying a Scope Preset](/reference/features/overview/scope.md) is supported by Intercept.
39 | - Clicking the column names (_located at the top and spanning horizontally_) within the top request and response panes will sort the requests by the selected column category. View the [Sorting by Properties](/reference/features/overview/sorting.md) documentation for more information.
40 | - To send a request to `Replay` from `Intercept`, either right-click inside the request pane or focus the request pane and use `CTRL+R`.
41 | - To send a request to `Automate` from `Intercept`, either right-click inside the request pane or focus the request pane and use `CTRL+M`.
42 | - Clicking the `{}` button will toggle the Pretty/Raw display option.
43 |
44 | :::
45 |
--------------------------------------------------------------------------------
/src/reference/features/overview/sitemap.md:
--------------------------------------------------------------------------------
1 | # Sitemap
2 |
3 | The `Sitemap` tab allows you to visualize the structure of any website that is proxied through Caido.
4 |
5 | It keeps track of domains, folders, and requests, as well as any variations in query parameters and POST bodies. The Sitemap page provides a clear, hierarchical view of the website's structure, making it easy to identify and explore different parts of the site.
6 |
7 | The Sitemap displays a tree-like structure, with the root node representing the root domain of the website. Each branch of the tree represents a subdomain or subfolder, and the leaves of the tree represent individual requests. You can click on any node to expand or collapse it, revealing or hiding its child nodes.
8 |
9 | ## Sitemap Layout
10 |
11 | To familiarize yourself with the Sitemap interface, continue below:
12 |
13 |
14 |
15 | 1. Select the `Sitemap` tab from the left-hand menu within the Caido window.
16 | 2. This pane presents the domains that have been proxied through Caido. Toggling the `>` icon to `∨` will expand the associated domain/folder, revealing its contents. You can search for a specific domain/subdomain by utilizing the `Search domain...` bar.
17 | 3. Upon selecting a node of the tree-like structure within the previously mentioned pane - all associated requests are displayed in this pane. Clicking the column names (_located at the top and spanning horizontally_) within this pane will sort the requests by the selected column category.
18 | 4. The request and paired response panes are available here. At the bottom-right corner of the response pane, the response size (_in bytes_) and how long the response took to receive (_in milliseconds_) are provided.
19 | 5. Clicking the cog wheel icon will present a dropdown menu that lists the aforementioned column categories. Select/deselect to include/exclude them respectively.
20 |
21 | ## Additional Information
22 |
23 | ::: info
24 | The padlock icon represents connections via HTTPS.
25 | :::
26 |
27 | ::: tip TIPS
28 |
29 | - Clicking `Export` will present you with options to export HTTP History data. View the [Exports](/reference/features/logging/exports.md) documentation for more information.
30 | - [Applying a Scope Preset](/reference/features/overview/scope.md) is supported by Sitemap.
31 | - Clicking the column names (_located at the top and spanning horizontally_) within the top request list pane will sort the requests by the selected column category. View the [Sorting by Properties](/reference/features/overview/sorting.md) documentation for more information.
32 | - Clicking the `{}` button will toggle the Pretty/Raw display option.
33 | - If you have installed the rendering engine - clicking the image icon located at the top-right corner of the response pane (_not pictured above_) will present a visual representation of the response. View the [Basic Configuration](/quickstart/beginner_guide/setup/config.md) documentation for more information.
34 | :::
35 |
--------------------------------------------------------------------------------
/src/quickstart/beginner_guide/first_steps_with_caido/traffic.md:
--------------------------------------------------------------------------------
1 | # Capturing and Inspecting Web Traffic
2 |
3 | ## Intercept
4 |
5 | _For advanced documentation on this topic - click [here](/reference/features/proxy/intercept.md)._
6 |
7 | `Intercept` allows you to capture **requests** as well as **responses** for inspection/modification and forward or drop them arbitrarily. **Requests** are shown on the left and **responses** are shown on the right.
8 |
9 |
10 |
11 | 1. Select the `Intercept` tab from the left-hand menu within the Caido window.
12 | 2. Clicking this button will toggle between `Queuing` (_intercept traffic_) and `Forwarding` (_forward traffic_).
13 | 3. Click `Requests`, `Responses` or **both** to specify what `Queuing` is applied to. _**Intercept on** is signified by `||` and **intercept off** is signified by `>>`._
14 | 4. The `Drop` and `Forward` buttons will drop or forward **requests**/**responses** respectively.
15 |
16 | ## HTTP History
17 |
18 | _For advanced documentation on this topic - click [here](/reference/features/proxy/http_history.md)._
19 |
20 | The `HTTP History` tab lists all the traffic that Caido has proxied.
21 |
22 |
23 |
24 | 1. Select the `HTTP History` tab from the left-hand menu within the Caido window.
25 | 2. All the proxied **requests** will appear in this pane. Select them arbitrarily.
26 | 3. Search/filter for **requests** or **responses** within Caido's history by entering an [HTTPQL query](/concepts/essentials/httpql.md) in this input bar.
27 | 4. Clicking the `Advanced` button will present checkbox options to further filter what is displayed in the history (_filter by response status code(s) and custom presets_).
28 | 5. Clicking the `Column preferences` cog wheel icon will present checkbox options that you can select/deselect to customize the information provided about each **request**.
29 |
30 | ## WS History
31 |
32 | _For advanced documentation on this topic - click [here](/reference/features/proxy/ws_history.md)._
33 |
34 | The `WS History` tab lists all of the WebSocket stream traffic that Caido has proxied.
35 |
36 |
37 |
38 | 1. Select the `WS History` tab from the left-hand menu within the Caido window.
39 | 2. All the proxied WebSocket streams will appear in this pane. Select them arbitrarily.
40 | 3. Select a message within the selected stream in this pane.
41 | 4. The contents of the selected message are presented in this pane.
42 |
43 | ::: tip
44 | You can click on any of the column names above the request/response/stream list pane to sort in ascending/descending/alphabetical/numerical order, by extension/presence/absence/size, or by time waited/time sent depending on the tab/category selected.
45 | :::
46 |
47 | ## Forwarding and Modifying Requests Repeatedly
48 |
49 | Once you have familiarized yourself with capturing and inspecting web traffic - basic modification steps using `Replay` are available here:
50 |
51 | - [Forwarding and Modifying Requests Repeatedly](./replay.md)
52 |
--------------------------------------------------------------------------------
/src/concepts/plugins/frontend.md:
--------------------------------------------------------------------------------
1 | # Plugin Frontend
2 |
3 | The frontend client component of Caido is the application running on your device.
4 |
5 | Frontend development allows you to:
6 |
7 | - Enhance the user-interface/experience.
8 | - Add new pages, components and elements.
9 | - Modify the appearance, behavior and functionality of the user-interface.
10 | - Provide additional features and customization options.
11 | - Handle user interactions, render data and communicate with the backend server via Caido's API.
12 |
13 | ## Frontend Interfaces
14 |
15 | _For advanced documentation on this topic - click [here](./frontend_sdk.md)._
16 |
17 | `ui` - Used to create visual elements. Content options for each element are also provided. These elements provide a way to sectionalize the user-interface of your plugin.
18 |
19 | `scopes` - Used to set, create, update and delete **target scoping rules**, ensuring your plugin is directed at desired hosts.
20 |
21 | `commands` - Used to register **actions** to expose functionality, bind actions to the user-interface and implement business logic.
22 |
23 | `menu` - Used to register right-click **context menu** actions/options and create a plugin-specific **settings page**, allowing quick access to your plugin functionality.
24 |
25 | `navigation` - Used to create pages in the application, giving your plugin its own **tab**.
26 |
27 | `window` - Used to interact with **text** within the application environment, allowing text selection, replacement, read permission designations, focusing and editor related messaging.
28 |
29 | `storage` - Used to **persist data** across different sessions or instances.
30 |
31 | ::: info
32 | Caido has heavily referenced [Visual Studio Code's Command Model](https://code.visualstudio.com/api/extension-guides/command).
33 | :::
34 |
35 | ::: tip
36 | Be aware that your plugin can be loaded in multiple user tabs.
37 | :::
38 |
39 | ## Frontend Starterkit Repository Contents
40 |
41 | Caido conveniently offers a plugin starterkit that can serve as a skeleton model, offering insight into SDK usage and a base to build upon.
42 |
43 | ::: info
44 |
45 | - For documentation on the tooling files shared by all plugin starterkits offered by Caido - click [here](/concepts/plugins/plugin_tooling.md).
46 | - The frontend starterkit can be found [here](https://github.com/caido/starterkit-plugin-frontend).
47 | :::
48 |
49 | ### Frontend Starterkit Directories
50 |
51 | The `public` directory stores the `styles.css` file used to stylize elements of your plugin.
52 |
53 | The `src` directory stores the following files:
54 |
55 | - `index.ts`: This file acts as the entrypoint (_the initial script that is loaded and executed, setting up the necessary resources and handling further logic and interactions with the plugin_). Within this file - an `init` function export is required in order to initialize the plugin. The `init` function receives a `caido` object of type `Caido`, which is the SDK (_importable from `@caido/sdk-frontend`_) used to interact with the frontend application. Click [here](https://github.com/caido/sdk-frontend/blob/main/src/types/index.d.ts) for the full type definition.
56 |
57 | - `types.ts`: This file lets you declare new types for use in your plugin.
58 |
--------------------------------------------------------------------------------
/src/reference/features/workspace/projects.md:
--------------------------------------------------------------------------------
1 | # Projects
2 |
3 | Caido utilizes a client-server architecture model. An **Instance** of Caido is essentially an installation. Click [here](/concepts/essentials/instances.md) for more information on Instances.
4 |
5 | Think of `Projects` as separate directories for your audits. Projects allow you to stay organized when testing against multiple targets within the same Caido instance.
6 |
7 | ## Creating a New Project
8 |
9 |
10 |
11 | 1. Select the `Workspace` tab from the left-hand menu within the Caido window.
12 | 2. Ensure the `Projects` tab in the top-left area of the Caido window is selected.
13 | 3. Click on the red `+ Create a project` button in the top-right area of the Caido window. Name the Project - consider using a descriptive name of the context the Project will be utilized for (_such as the name of the client you are auditing, a specific bug bounty program, the name of the product, etc._). Once you have entered a name - click on the `Create` button.
14 | 4. Your new Project will now appear in the `Workspace` panel.
15 | 5. Clicking on `⋮` will present the following additional options:
16 |
17 | - **Rename**: Rename your Project.
18 | - **Copy path**: Copy the Project's data location on your device to your clipboard. View the [Files](/concepts/internals/files.md) documentation for more information.
19 | - **Create backup**: Create a Backup of the Project data. View the [Backups](/reference/features/workspace/backups.md) documentation for more information.
20 | - **Delete**: Delete the Project from your Instance.
21 |
22 |
53 |
--------------------------------------------------------------------------------
/src/reference/workflows/convert.md:
--------------------------------------------------------------------------------
1 | # Convert Type Workflows
2 |
3 | _For general documentation on utilizing the Workflows tab - click [here](/reference/workflows/workflows.md)._
4 |
5 | While Passive and Active Workflows operate on requests and responses - `Convert Workflows` operate on **bytes** received as input.
6 |
7 | ## Using Convert Workflows
8 |
9 | Convert Workflows are **manually triggered** and are integrated in various areas of Caido:
10 |
11 | **When using [Constant Values](/concepts/essentials/workflows/nodes/nodes.md#node-input-types-constant-value-reference-value)**:
12 |
13 | - Within the **Workflow Editor** supply the input in the `Data` field under `Inputs` with the `Use reference` checkbox **_deselected_**. Then apply the conversion by clicking the `Save and Run` button.
14 |
15 |
16 |
17 | **When using [Reference Values](/concepts/essentials/workflows/nodes/nodes.md#node-input-types-constant-value-reference-value)**:
18 |
19 | - At the bottom of the Convert **Workflow Editor** is an Input pane in which you can supply data and then apply the conversion by clicking the `Save and Run` button.
20 |
21 |
22 |
23 | - Highlight the data to be changed, right-click in the associated pane and select either `Convert (Preview)` or `Convert (Replace)`. `Preview` will present the output in a pop-up window and `Replace` will apply the conversion to the selected bytes.
24 |
25 |
26 |
27 | ## Creating a New Convert Workflow: MD5 Hash Example
28 |
29 | ::: tip
30 | This example Workflow is available for download and import. Click [here](https://github.com/caido/documentation/tree/main/diagrams/data/Base64_Decode_Example.json) to download.
31 | :::
32 |
33 | ::: info
34 | In this example - the Workflow created will perform MD5 hashing on the given input.
35 | :::
36 |
37 | > Navigate to the **Workflow Editor** for the Convert type by following these steps:
38 | >
39 | > - Select the `Workflow` tab from the left-hand menu within the Caido window.
40 | > - Select the `Convert` tab.
41 | > - Click `+ New Workflow`.
42 |
43 | 1. Enter an arbitrary name for your Workflow.
44 | 2. (_Optional_) Enter a description of the workflow.
45 | 3. Click `Save`.
46 |
47 |
48 |
49 | 4. **Click, hold and drag** the `MD5 Hash` Node into the pane directly right.
50 | 5. Drag the Nodes into a top-down hierarchical structure. Connect them together by making Node `Connections`.
51 |
52 | ::: warning
53 | Convert Workflows require an End Node to function properly.
54 | :::
55 |
56 | 6. Select the `MD5 Hash` Node by clicking on it to display its properties in the right-hand pane. Here, the Node's Name, `Alias` and input type (`Constant Value` or `Reference Value`) can be configured (_for this example creation, leave the default configuration as is_).
57 | 7. Supply test input to be converted by the Workflow.
58 | 8. Click `Save and Run` - the conversion output will be displayed in the Output pane.
59 |
--------------------------------------------------------------------------------
/src/reference/index.md:
--------------------------------------------------------------------------------
1 | # Directory
2 |
3 | **[Common Errors](./common_errors.md)** - common errors and matching resolutions.
4 |
5 | ## Configuration
6 |
7 | - **[Listening Address & Port](./configuration/listening_address.md)** - listening address customization.
8 | - **[CA Certificate](./configuration/import_ca_certificate.md)** - downloading Caido's CA Certificate and importing it to your browser.
9 | - **[Data Location](./configuration/data_location.md)** - where Caido generated data is stored/customizing the location.
10 |
11 | ## Features: _Overview_
12 |
13 | - **[Sitemap](./features/overview/sitemap.md)** - capturing/navigating the file structure of a website.
14 | - **[Sorting](./features/overview/sorting.md)** - sorting tables by property categories.
15 | - **[Scope](./features/overview/scope.md)** - filtering what Caido captures/presents.
16 | - **[Filters](./features/overview/filters.md)** - creating filter presets for use with HTTPQL.
17 |
18 | ## Features: _Proxy_
19 |
20 | - **[Intercept](./features/proxy/intercept.md)** - capturing requests/responses.
21 | - **[HTTP History](./features/proxy/http_history.md)** - viewing/interacting with all HTTP/S traffic proxied through Caido.
22 | - **[WebSocket History](./features/proxy/ws_history.md)** - viewing/interacting with all WebSocket traffic proxied through Caido.
23 | - **[Match & Replace](./features/proxy/match_replace.md)** - specifying elements of a request/response to automatically replace.
24 |
25 | ## Features: _Testing_
26 |
27 | - **[Replay](./features/testing/replay.md)** - modifying and sending requests arbitrarily.
28 | - **[Automate](./features/testing/automate.md)** - fuzzing/bruteforcing requests.
29 | - **[Assistant](./features/testing/assistant.md)** - Caido's AI, security-tailored LLM integration.
30 |
31 | ## Features: _Logging_
32 |
33 | - **[Search](./features/logging/search.md)** - filtering using HTTPQL to find the exact request or response you're looking for that is contained in Caido.
34 | - **[Findings](./features/logging/findings.md)** - inspecting/analyzing discoveries produced by tools.
35 | - **[Exports](./features/logging/exports.md)** - exporting data from Caido.
36 |
37 | ## Features: _Workspace_
38 |
39 | - **[Files: _User Uploads_](./features/workspace/files.md)** - uploading files to Caido for use/reuse.
40 | - **[Plugins](./features/workspace/plugins.md)** - installing and managing plugin packages.
41 | - **[Projects](./features/workspace/projects.md)** - organizing your assessments.
42 | - **[Backups](./features/workspace/backups.md)** - creating Backup files of your Projects/recovering Projects from Backup files.
43 |
44 | ## Plugins
45 |
46 | - **[Custom CSS](./plugins/custom_css.md)** - customizing Caido's UI with your own CSS code.
47 | - **[Custom JavaScript](./plugins/custom_js.md)** - `WORK IN PROGRESS`
48 | - **[Custom Workflow Nodes](./plugins/custom_workflow_nodes.md)** - `WORK IN PROGRESS`
49 |
50 | ## Workflows
51 |
52 | - **[Workflows](./workflows/workflows.md)** - Caido Workflows.
53 | - **[Passive Workflows](./workflows/passive.md)** - creating and applying Passive Type Workflows.
54 | - **[Convert Workflows](./workflows/convert.md)** - creating and applying Convert Type Workflows.
55 | - **[Convert Coding Nodes](./workflows/convert/coding_nodes.md)** - JavaScript, shell command and control flow Nodes.
56 | - **[SDK](./workflows/sdk.md)** - Software Development Kit.
57 |
--------------------------------------------------------------------------------
/src/concepts/internals/cloud.md:
--------------------------------------------------------------------------------
1 | # Cloud
2 |
3 | Caido Cloud is comprised of the [Dashboard](https://dashboard.caido.io) and the API that the Instances use to communicate with us.
4 |
5 | ## Why?
6 |
7 | We are aware that tying our product to a cloud is controversial. We developed our own cloud platform for a couple of reasons:
8 |
9 | - **Billing**: We don't bill per license, we bill per user, and we want to allow you to install Caido on as many machines as you want. It is not possible to do so without a concept of an account (notably to prevent abuse).
10 | - **Access Control**: We want to allow multiple users to share Instances securely without having to re-create a new account on each one, this requires a central service to set permissions. You can learn more about the process in the [Authentication](/concepts/internals/authentication.md) page.
11 | - **Complementary Services**: We want to offer complementary cloud services like the [Assistant](/reference/features/testing/assistant.md) and sharing capabilities (in the future).
12 |
13 | ## API
14 |
15 | In an effort of transparency, we are publishing the OpenAPI specification of the cloud API used by Caido Instances. It is automatically updated when we deploy changes to our production environment.
16 |
17 | [Go to Specification](https://github.com/caido/caido/blob/main/api/cloud_instance.yaml).
18 |
19 | ## Data Collection
20 |
21 | When you register for Caido, we collect your name and email address, as well as information about your user agent. You can **always** request for us to delete your account by sending us an email at `info [at] caido.io`.
22 |
23 | When you use Caido, we collect interaction data between your Instances and our cloud services. This includes the **IP address** of the Instance and **API call actions/timestamps**. If you look at the OpenAPI specification, this mainly relates to:
24 |
25 | - `/instance/alive`: We track Instance startup and alive status once per 24H.
26 | - `/instance/user/session`: We track when a user interacts for the first time with an Instance and once every hour.
27 | - `/instance/user/profile`: We track when a user interacts for the first time with an Instance and once every hour.
28 | - `/instance/assistant/complete`: We track Assistant token usage, but **not** the messages sent to us.
29 |
30 | ::: info
31 | We do not collect any data stored on your Instances nor interactions within the Caido application.
32 | :::
33 |
34 | [Privacy Policy](https://caido.io/privacy)
35 |
36 | ## Location & Security
37 |
38 | - Our Cloud services are currently hosted on [Render](https://render.com) in their Oregon (USA) region. Refer to their [trust](https://trust.render.com/) page for more information.
39 | - The assistant uses the [OpenAI](https://openai.com) services hosted in the US. Data sent to it can be stored for [up to 30 days](https://platform.openai.com/docs/models/how-we-use-your-data).
40 | - The public facing part of our API is protected by [Cloudflare](https://cloudflare.com).
41 | - We perform daily backups that are stored encrypted for 30 days on [Google Cloud](https://cloud.google.com/) in the US.
42 | - Our data in transit uses HTTPS with TLS 1.2 and data at rest uses AES-256.
43 | - Our production environment can only be accessed by the founding team using [Tailscale](https://tailscale.com).
44 |
45 | ::: tip
46 | If you wish to report a security issue, please contact us at `security [at] caido.io`.
47 | :::
48 |
--------------------------------------------------------------------------------
/src/reference/features/testing/replay.md:
--------------------------------------------------------------------------------
1 | # Replay
2 |
3 | The `Replay` tab allows you to edit and replay requests individually. This feature provides a quick way to test your web applications by forwarding certain requests repeatedly with different modifications.
4 |
5 | Requests can easily be sent to Replay from other interfaces within Caido - enabling further investigation of requests that seem interesting from a testing perspective.
6 |
7 | You can create requests from scratch from a blank template, or start from any existing request inside the application.
8 |
9 | ## Replay Layout
10 |
11 | To familiarize yourself with the Replay interface, continue below:
12 |
13 |
14 |
15 | 1. Select the `Replay` tab from the left-hand menu within the Caido window.
16 | 2. These numerically named tabs are the requests that have been sent to `Replay` in the order they were sent. To select a request, simply click on the desired tab. You can arbitrarily rename a tab by right-clicking it and selecting `Rename`.
17 | 3. Click the `Send` button to forward the request. Clicking `<` or `>` will sort through the forwarding history of the currently loaded request (_in Caido, the historical recording of forwarded requests is known as a **Session**_).
18 | 4. Make any desired modifications to the request in this pane.
19 | 5. Once a request has been forwarded - this pane presents the associated response.
20 | 6. This is the resulting list of options presented after right-clicking within the request pane.
21 |
22 | ## Replay Sessions & Collections
23 |
24 | Requests are organized into `Sessions` and `Collections`.
25 |
26 | A Session is a group of requests that are related to each other. Every time you edit and send a request, it is saved in the history of that replay Session. This allows you to keep track of the changes you made to the request, and easily go back to previous versions.
27 |
28 | Replay Collections allow you to group Sessions. You can rename Collections and duplicate Sessions. This allows you to keep your Sessions organized and easily switch between them. You can group Sessions however you want: by Project, by feature or by environment. To do so - **click, hold and drag** the Session into the Collection folder you wish to include the requests in.
29 |
30 | ## Additional Information
31 |
32 | ::: info
33 | The historical record of the request Session can be viewed at the bottom of the request pane - represented as `X/Y` where X is the currently displayed request and Y is the number of requests within this Session.
34 | :::
35 |
36 | ::: tip TIPS
37 |
38 | - Navigate quickly through the history of requests and responses in your Session by using the arrows at the top of the Replay table.
39 | - You can use Convert Workflows in Replay. View the [Workflows](/reference/workflows/convert.md) documentation for more information.
40 | - Right-click within a request and select `On toggle verb` to convert the request from a POST request with a body to a GET request with query parameters.
41 | - To send a request to `Automate` from `Replay`, either right-click inside the request pane or focus the request pane and use `CTRL+M`.
42 | - Clicking the `{}` button will toggle the Pretty/Raw display option.
43 | - If you have installed the rendering engine - clicking the image icon located at the top-right corner of the response pane will present a visual representation of the response. View the [Basic Configuration](/quickstart/beginner_guide/setup/config.md) documentation for more information.
44 |
45 | :::
46 |
--------------------------------------------------------------------------------
/src/_schemas/data_export.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "http://json-schema.org/draft-07/schema#",
3 | "title": "DataExport",
4 | "type": "array",
5 | "items": {
6 | "$ref": "#/definitions/ExportRequest"
7 | },
8 | "definitions": {
9 | "ExportRequest": {
10 | "type": "object",
11 | "required": [
12 | "alteration",
13 | "created_at",
14 | "edited",
15 | "host",
16 | "id",
17 | "is_tls",
18 | "length",
19 | "method",
20 | "path",
21 | "port",
22 | "query",
23 | "source"
24 | ],
25 | "properties": {
26 | "alteration": {
27 | "type": "string"
28 | },
29 | "created_at": {
30 | "type": "integer",
31 | "format": "int64"
32 | },
33 | "edited": {
34 | "type": "boolean"
35 | },
36 | "file_extension": {
37 | "type": [
38 | "string",
39 | "null"
40 | ]
41 | },
42 | "host": {
43 | "type": "string"
44 | },
45 | "id": {
46 | "type": "integer",
47 | "format": "int32"
48 | },
49 | "is_tls": {
50 | "type": "boolean"
51 | },
52 | "length": {
53 | "type": "integer",
54 | "format": "int32"
55 | },
56 | "method": {
57 | "type": "string"
58 | },
59 | "parent_id": {
60 | "type": [
61 | "integer",
62 | "null"
63 | ],
64 | "format": "int32"
65 | },
66 | "path": {
67 | "type": "string"
68 | },
69 | "port": {
70 | "type": "integer",
71 | "format": "int32"
72 | },
73 | "query": {
74 | "type": "string"
75 | },
76 | "raw": {
77 | "type": [
78 | "string",
79 | "null"
80 | ]
81 | },
82 | "response": {
83 | "anyOf": [
84 | {
85 | "$ref": "#/definitions/ExportResponse"
86 | },
87 | {
88 | "type": "null"
89 | }
90 | ]
91 | },
92 | "source": {
93 | "type": "string"
94 | }
95 | }
96 | },
97 | "ExportResponse": {
98 | "type": "object",
99 | "required": [
100 | "alteration",
101 | "created_at",
102 | "edited",
103 | "id",
104 | "length",
105 | "status_code"
106 | ],
107 | "properties": {
108 | "alteration": {
109 | "type": "string"
110 | },
111 | "created_at": {
112 | "type": "integer",
113 | "format": "int64"
114 | },
115 | "edited": {
116 | "type": "boolean"
117 | },
118 | "id": {
119 | "type": "integer",
120 | "format": "int32"
121 | },
122 | "length": {
123 | "type": "integer",
124 | "format": "int32"
125 | },
126 | "parent_id": {
127 | "type": [
128 | "integer",
129 | "null"
130 | ],
131 | "format": "int32"
132 | },
133 | "raw": {
134 | "type": [
135 | "string",
136 | "null"
137 | ]
138 | },
139 | "status_code": {
140 | "type": "integer",
141 | "format": "int32"
142 | }
143 | }
144 | }
145 | }
146 | }
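The following is an added example, not part of the Caido documentation or code base: a small validator that checks a data export against the `DataExport` schema above before the file is handed to downstream tooling. The field tables are transcribed from the schema (required fields, nullable fields, integer/string/boolean types); the two sample records are constructed here and the `alteration` and `source` values in them are placeholders, not known Caido values.

```javascript
// Added example (not Caido code): validate a DataExport array against the schema above.
// Field tables transcribed from the schema: `required` mirrors the "required" list,
// `nullable` mirrors the ["<type>", "null"] unions. Sample records below are constructed.
const REQUEST_FIELDS = {
  alteration: { type: "string", required: true },
  created_at: { type: "integer", required: true },
  edited: { type: "boolean", required: true },
  file_extension: { type: "string", nullable: true },
  host: { type: "string", required: true },
  id: { type: "integer", required: true },
  is_tls: { type: "boolean", required: true },
  length: { type: "integer", required: true },
  method: { type: "string", required: true },
  parent_id: { type: "integer", nullable: true },
  path: { type: "string", required: true },
  port: { type: "integer", required: true },
  query: { type: "string", required: true },
  raw: { type: "string", nullable: true },
  response: { type: "object", nullable: true },
  source: { type: "string", required: true },
};

const RESPONSE_FIELDS = {
  alteration: { type: "string", required: true },
  created_at: { type: "integer", required: true },
  edited: { type: "boolean", required: true },
  id: { type: "integer", required: true },
  length: { type: "integer", required: true },
  parent_id: { type: "integer", nullable: true },
  raw: { type: "string", nullable: true },
  status_code: { type: "integer", required: true },
};

// JSON-schema style type name for a value (distinguishes integer from number).
function typeOf(v) {
  if (v === null) return "null";
  if (Array.isArray(v)) return "array";
  if (Number.isInteger(v)) return "integer";
  return typeof v; // "number", "string", "boolean", "object", "undefined"
}

// Check one object against a field table, appending human-readable errors.
function checkObject(obj, fields, where, errors) {
  if (typeOf(obj) !== "object") {
    errors.push(`${where}: expected object, got ${typeOf(obj)}`);
    return;
  }
  for (const [name, spec] of Object.entries(fields)) {
    if (!(name in obj)) {
      if (spec.required) errors.push(`${where}.${name}: missing required field`);
      continue;
    }
    const t = typeOf(obj[name]);
    const ok = t === spec.type || (spec.nullable && t === "null");
    if (!ok) {
      const expected = spec.nullable ? `${spec.type}|null` : spec.type;
      errors.push(`${where}.${name}: expected ${expected}, got ${t}`);
    }
  }
}

// Validate a whole export; returns an array of error strings (empty when valid).
function validateExport(data) {
  if (!Array.isArray(data)) return ["root: expected array"];
  const errors = [];
  data.forEach((req, i) => {
    checkObject(req, REQUEST_FIELDS, `[${i}]`, errors);
    // The response is optional and nullable; when present it has its own schema.
    if (req && typeof req === "object" && req.response != null) {
      checkObject(req.response, RESPONSE_FIELDS, `[${i}].response`, errors);
    }
  });
  return errors;
}

// Constructed sample export: record 0 is well-formed, record 1 has a wrong
// type for `edited` and is missing the required `port` field.
const sampleExport = [
  {
    alteration: "placeholder", created_at: 1700000000000, edited: false, file_extension: null,
    host: "example.test", id: 1, is_tls: true, length: 120, method: "GET", parent_id: null,
    path: "/api/profile", port: 443, query: "", raw: null, source: "placeholder",
    response: { alteration: "placeholder", created_at: 1700000000100, edited: false,
      id: 1, length: 48, parent_id: null, raw: null, status_code: 200 },
  },
  {
    alteration: "placeholder", created_at: 1700000001000, edited: "no", host: "example.test",
    id: 2, is_tls: false, length: 80, method: "POST", path: "/login", query: "",
    source: "placeholder", response: null,
  },
];
```

Running `validateExport(sampleExport)` reports the two defects in the second record and nothing for the first; the `integer` check matters because a producer that emits `created_at` as a float or string would otherwise slip through a plain `typeof` test.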
--------------------------------------------------------------------------------
/src/reference/features/proxy/match_replace.md:
--------------------------------------------------------------------------------
1 | # Match & Replace
2 |
3 | The `Match & Replace` tab allows you to define match and replace rules using HTTPQL and regex syntax. These rules can be used to automate the modification of requests and responses as they pass through the proxy.
4 |
5 | Match & Replace rules can be organized into `Collections`, which allows you to group rules however you see fit. For example, you can create a Collection to group header rules, user authorization rules, etc. - making testing against certain elements a seamless process.
6 |
7 | ## Creating a New Match & Replace Rule
8 |
9 |
10 |
11 | ::: info
12 | In this example - the Match & Replace rule created will change the value of the **isAdmin** response parameter from **false** to **true**.
13 | :::
14 |
15 | 1. Select the `Match & Replace` tab from the left-hand menu within the Caido window.
16 | 2. Click `New Rule`. The drop down arrow attached to this button allows you to switch between `New Rule` and `New Collection`.
17 | 3. When creating a new rule, you can update the following fields:
18 |
19 | - `Name`: A name for the rule.
20 | - `Strategy`: Defines what part of the request to perform the match/replace on, such as request header, response header, request body, request first line, etc.
21 | - `Search as regex`: If the `Search term` is a regex or a simple string match.
22 | - `Search term`: The term to search for in the defined part of the request or response.
23 | - `Replace term`: The term to replace the search term with.
24 | - `Condition`: An [HTTPQL](/concepts/essentials/httpql.html) query that defines which requests/responses this rule applies to.
25 |
26 | 4. When you're done updating your rule, you can use the bottom panes to test your rule against a mock request/response. Click on the `Test` button and see if your rule works as intended.
27 | 5. You can enable or disable individual rules by clicking on the checkbox next to each rule in the tree view. Enabled rules will be shown in the `Active rules` section of the page. This section displays the list of the rules that are currently active and will be applied to the requests/responses that pass through the proxy.
28 | 6. These are your rule Collections. To move rules between collections - **click, hold and drag** a rule into the Collection folder you wish to include the rule in.
29 |
30 | ::: tip TIPS
31 |
32 | - If you're having an issue with your Match & Replace rule not taking effect, and you've already double-checked your `Strategy`,
33 | make sure you're looking at the un-prettified version of the request/response body by pressing the `{} Prettify` button within any request/response pane to ensure your spacing is correct.
34 | - The order of the rules in the "Active rules" section determines the order in which they will be applied to the requests and responses. You can change the order of the rules by dragging and dropping. This allows you to adjust the order to suit your needs and can be useful when working with multiple rules that may have conflicting or overlapping conditions.
35 |
36 | :::
37 |
38 | ## Append a Request Header with a Custom String Example
39 |
40 | Many popular bug bounty programs require a custom header to be sent with your requests. You can do this in Caido using the `Match and Replace` feature.
41 |
42 | ::: info
43 | In this example - the Match & Replace rule created will change the value of the **User-Agent** header to **bughunter**.
44 | :::
45 |
46 | ### Strategy
47 |
48 | - Request Header (_enable_ `Search as regex`)
49 |
50 | ### Search
51 |
52 | - ^(User-Agent: .+)
53 |
54 | ### Replace
55 |
56 | - $1 bughunter
57 |
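As an added illustration (example code, not part of Caido), the script below reproduces how the two rules on this page act on raw messages: the regex header rule `^(User-Agent: .+)` → `$1 bughunter` and the plain-string body rule that turns `"isAdmin":false` into `"isAdmin":true`. The `Strategy` names (`firstLine`, `header`, `body`), the rule object shape and the sample request/response are assumptions constructed for the example; the `m` regex flag stands in for the per-line matching a header strategy needs.

```javascript
// Added example (not Caido code): apply Match & Replace style rules to raw HTTP messages.
const CRLF = "\r\n";

// Constructed sample request and response, as they appear in the raw (un-prettified) view.
const sampleRequest = [
  "GET /api/profile HTTP/1.1",
  "Host: example.test",
  "User-Agent: Mozilla/5.0",
  "Accept: */*",
  "",
  "",
].join(CRLF);

const sampleResponse = [
  "HTTP/1.1 200 OK",
  "Content-Type: application/json",
  "",
  '{"user":"alice","isAdmin":false}',
].join(CRLF);

// Split a raw HTTP message into its first line, header block and body.
function splitMessage(raw) {
  const sep = raw.indexOf(CRLF + CRLF);
  const head = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? "" : raw.slice(sep + 4);
  const [firstLine, ...headerLines] = head.split(CRLF);
  return { firstLine, headers: headerLines.join(CRLF), body };
}

// Assumed Strategy names mapped onto the message section each one edits.
const STRATEGY_SECTION = { firstLine: "firstLine", header: "headers", body: "body" };

// Apply one rule. With "Search as regex" enabled the search term is compiled with the
// `m` flag so ^ and $ anchor on every header line; otherwise it is a literal substring.
function applyRule(raw, rule) {
  const parts = splitMessage(raw);
  const section = STRATEGY_SECTION[rule.strategy];
  if (!section) throw new Error(`unknown strategy: ${rule.strategy}`);
  const text = parts[section];
  parts[section] = rule.searchAsRegex
    ? text.replace(new RegExp(rule.search, "gm"), rule.replace)
    : text.split(rule.search).join(rule.replace);
  return `${parts.firstLine}${CRLF}${parts.headers}${CRLF}${CRLF}${parts.body}`;
}

// Rules run in list order, each one seeing the previous rule's output
// (the same ordering behaviour the "Active rules" tip above describes).
function applyRules(raw, rules) {
  return rules.reduce(applyRule, raw);
}

// Read back a header value for checking the result.
function headerValue(raw, name) {
  for (const line of splitMessage(raw).headers.split(CRLF)) {
    const idx = line.indexOf(":");
    if (idx !== -1 && line.slice(0, idx).toLowerCase() === name.toLowerCase()) {
      return line.slice(idx + 1).trim();
    }
  }
  return null;
}

// The two rules from this page, expressed in the assumed rule shape.
const requestRules = [
  { name: "Tag User-Agent", strategy: "header", searchAsRegex: true,
    search: "^(User-Agent: .+)", replace: "$1 bughunter" },
];
const responseRules = [
  { name: "isAdmin to true", strategy: "body", searchAsRegex: false,
    search: '"isAdmin":false', replace: '"isAdmin":true' },
];
```

The body rule only fires because the sample body is in its raw, unspaced form; a prettified `"isAdmin": false` would not match the literal search term, which is exactly the spacing pitfall the tip above warns about.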
--------------------------------------------------------------------------------
/src/reference/features/testing/assistant.md:
--------------------------------------------------------------------------------
1 | # Assistant
2 |
3 |
66 |
67 | ### Generate a POC CSRF Attack
68 |
69 | The Assistant page currently allows you to generate a proof-of-concept for a [CSRF Attack](https://owasp.org/www-community/attacks/csrf).
70 |
71 |
82 |
83 | ## Additional Information
84 |
85 | ::: tip
86 | Be careful if your payload is huge, it can cost a lot of credits.
87 | :::
88 |
--------------------------------------------------------------------------------
/src/reference/features/proxy/http_history.md:
--------------------------------------------------------------------------------
1 | # HTTP History
2 |
3 | The `HTTP History` tab allows you to view requests and responses as they pass through the proxy. The HTTP History tab shows a table of all requests that have been proxied through Caido.
4 |
5 | The table format allows for easy examination of the traffic flow by offering categories of sortable properties. These properties include details such as the intended host of the request, the request method used, pathing and extension information - as well as details of the associated response such as status code, response length and response time.
6 |
7 | Advanced filtering and data exportation capabilities are also integrated into the HTTP History interface.
8 |
9 | ## HTTP History Layout
10 |
11 | To familiarize yourself with the HTTP History interface, continue below:
12 |
13 |
14 |
15 | 1. Select the `Intercept` tab from the left-hand menu within the Caido window.
16 | 2. This pane lists all the **requests** that have been proxied through Caido. Select one from the list by clicking on it to view its contents.
17 | 3. The contents of the selected **request** will be displayed in this pane.
18 | 4. The contents of the **response** paired with the selected **request** will be displayed in this pane.
19 | 5. Clicking `Export` will present you with options to export HTTP History data. View the [Exports](/reference/features/logging/exports.md) documentation for more information.
20 | 6. The `Enter an HTTPQL query...` input bar and `Advanced` button provide filtering options for the history feed. View the [HTTPQL](/concepts/essentials/httpql.md) and [Filters](/reference/features/overview/filters.md) documentation for more information.
21 | 7. All active Filter Presets are listed here. Click on the cog wheel icon in the bottom-right corner of this pane to select/deselect filtering options.
22 |
23 | ## Modifications of Requests/Responses
24 |
25 | **If you previously edited content directly in the Intercept interface:**
26 |
27 | In the `HTTP History` and `Search` tabs, a dropdown menu will appear in any requests or responses that you modified within Intercept before forwarding. The `Manual` selection will display the edits while the `Original` selection will show the request/response in its initial state.
28 |
29 | ::: info
30 | This includes any modifications made by any active [Match & Replace](/reference/features/proxy/match_replace.md) rule(s).
31 | :::
32 |
33 |
34 |
35 | ## Additional Information
36 |
37 | ::: tip TIPS
38 |
39 | - [Applying a Scope Preset](/reference/features/overview/scope.md) is supported by HTTP History.
40 | - [Applying a Filter Preset](/reference/features/overview/filters.md) is supported by HTTP History.
41 | - Clicking the column names (_located at the top and spanning horizontally_) within the top request list pane will sort the requests by the selected column category. View the [Sorting by Properties](/reference/features/overview/sorting.md) documentation for more information.
42 | - To send a request to `Replay` from `HTTP History`, either right-click inside the request pane or focus the request pane and use `CTRL+R`.
43 | - To send a request to `Automate` from `HTTP History`, either right-click inside the request pane or focus the request pane and use `CTRL+M`.
44 | - Clicking the `{}` button will toggle the Pretty/Raw display option.
45 | - If you have installed the rendering engine - clicking the image icon located at the top-right corner of the response pane will present a visual representation of the response. View the [Basic Configuration](/quickstart/beginner_guide/setup/config.md) documentation for more information.
46 |
47 | :::
48 |
--------------------------------------------------------------------------------
/src/concepts/essentials/workflows/nodes/nodes.md:
--------------------------------------------------------------------------------
1 | # Nodes
2 |
3 | ## What are Nodes?
4 |
5 | **Nodes** are simply **actions** or **conditions**. By connecting Nodes together, complex action sequences based on certain conditions are created.
6 |
7 | Nodes are visually represented by Caido as draggable blocks, colorized by category. They utilize an input/output model that can be used to send data altered by one Node to a subsequent Node.
8 |
9 |
10 |
11 | ## Connecting Nodes
12 |
13 | A `Connection` is visually represented by the gray line between Nodes and determines the order of execution.
14 |
15 | Workflows use a top-down hierarchical structure (_the Node at the very top represents the beginning of the flow and the Node at the bottom represents the end of the flow_).
16 |
17 |
18 |
19 | 1. The down arrow within a circle icon represents a Node's `socket`.
20 | 2. Click and drag a bottom socket to the top socket of the next/a subsequent Node in the flow to create a `Connection`.
21 |
22 | ## Node Alias
23 |
24 | A Node's `Alias` is an arbitrarily set identifier used to uniquely reference the associated Node within a Workflow.
25 |
26 | Aliases can consist of lowercase letters, hyphens, underscores and numbers.
27 |
28 | ::: info
29 | This differs from a Node's Name which simply serves cosmetic purposes to assist in the visual representation.
30 | :::
31 |
32 | ## Node Input Types: Constant Value & Reference Value
33 |
34 | ### 1. Constant Value Type
35 |
36 | `Constant Values` - the input used by the Node's execution will be the **_supplied value_**.
37 |
38 | - To use this input type, manually enter the data to be used in the `Data` field under `Inputs` with the `Use reference` checkbox **_deselected_**.
39 |
40 |
41 |
42 | ### 2. Reference Value Type
43 |
44 | `Reference Values` - the input used by the Node's execution will be the **_output of a previous Node_**.
45 |
46 | - To use this input type, the content of the `Data` field under `Inputs` with the `Use reference` checkbox **_selected_** should be formatted using the following syntax:
47 |
48 | ```
49 | $[node_alias].[property_alias]
50 | ```
51 |
52 |
53 |
54 | _Example (pictured above):_
55 |
56 | - _The value_ `$start.data` _is the output of the_ **Start** _Node being taken as input by the_ **Base64 Encode** _Node_.
57 | - _The output of the_ **Base64 Encode** _Node will be referenced by the_ **End** _Node as_ `$base64_encode.data`.
58 |
59 | ## Node Categories
60 |
61 | Certain Nodes are specific to a Workflow type (Passive/Active/Convert). Though, in general, Nodes can be categorized broadly and associated together by color:
62 |
63 | ### Start/End Nodes
64 |
65 | These Nodes are color categorized together by their yellow marked tabs. They mark the beginning and end of a Workflow.
66 |
67 | ### Control Nodes
68 |
69 | These Nodes are color categorized together by their green marked tabs and allow you to dictate the execution flow.
70 |
71 | ### Code Nodes
72 |
73 | These Nodes are color categorized together by their green marked tabs and provide a way to integrate Shell commands and JavaScript.
74 |
75 | ### Miscellaneous Nodes (Blue)
76 |
77 | These Nodes are color categorized together by their blue marked tabs. The actions they perform include encoding/decoding, hashing/dehashing and filtering.
78 |
79 |
80 |
81 | ::: info
82 | The development of Nodes will be ongoing and new nodes will be included in future Caido releases.
83 | :::
84 |
--------------------------------------------------------------------------------
/src/reference/workflows/workflows.md:
--------------------------------------------------------------------------------
1 | # Enhanced Testing Using Workflows
2 |
3 | _For conceptual documentation on Workflows - click [here](/concepts/essentials/workflows.md)._
4 |
5 | Incorporating **Workflows** into your methodology greatly extends the functionality of Caido. The level of customization offered by Caido Workflows allows you to repeatedly apply certain actions/conversions that are commonly used in your testing process. Anything from encoding data to complex sequences of conditional modifications built from flow paths is possible with Workflows.
6 |
7 | Multi-step processes that, before, needed to be performed manually can be saved within a Workflow for immediate, discretionary and repeated use - ensuring your testing is as time-efficient as possible.
8 |
9 | ## Workflow Data Types
10 |
11 | The data types that Workflows use include:
12 |
13 | - **Bytes**
14 | - **Strings**
15 | - **Boolean Values**
16 | - **Integers**
17 | - **Request Objects**
18 | - **Response Objects**
19 |
20 | ## The Workflows Tab
21 |
22 |
23 |
24 | 1. Select the `Workflows` tab from the left-hand menu within the Caido window.
25 | 2. The three types of Workflows (`Passive`/`Active`/`Convert`) are listed horizontally here as tabs. Click to toggle between them.
26 | 3. Click on the red `+ New Workflow` button paired with the desired type tab selected to create a new Workflow of that type.
27 | 4. The `Enabled` checkbox controls whether the associated Workflow is offered in the user interface: filled means included, empty means excluded.
28 |
29 | ::: info
30 | By default, Workflows are present globally (_meaning they will span across all your Projects_).
31 | :::
32 |
33 | 5. To render a Workflow specific to a project - click the `Switch to project-specific` text within the parentheses.
34 | 6. Clicking the `Edit` button will present the Workflow editor and the `Duplicate` button will create a copy of the Workflow.
35 | 7. Clicking on `Community Workflows` will open a browser window to Caido's Workflow GitHub Repository. Here you can download Workflows created by other Caido users or submit your own!
36 |
37 | ::: info
38 | Workflow files are JSON based.
39 | :::
40 |
41 | 8. Click `Download` to locally download the selected Workflow. To delete the selected Workflow - click `Delete`.
42 | 9. `Import` allows you to select downloaded Workflows to use in your Caido instance.
43 |
44 | ## The Workflow Editor
45 |
46 | ::: info
47 | This interface will be displayed after clicking either the `+ New Workflow` button or the `Edit` button on an existing Workflow.
48 | :::
49 |
50 | You will first be presented with a pane that includes fields to name your new Workflow as well as provide an optional description. Click `Save` to apply these properties.
51 |
52 |
53 |
54 | The name and description pane will switch to a pane that displays a Node's properties when one is selected.
55 |
56 |
57 |
58 | 1. The available Nodes based on the selected Workflow type are displayed in this pane. They are represented as draggable blocks. To use a Node, simply **click, hold and drag** one into the pane directly right.
59 | 2. This pane is where your Workflow is created. Here, [Connections](/concepts/essentials/workflows/nodes/nodes.md#connecting-nodes) between Nodes are made. Clicking a Node will select it (_observe the highlighted border_). The ability to save the Workflow as well as view options are included within this pane as well.
60 | 3. After selecting a Node, the Node's properties are displayed here. The ability to delete the currently selected Node is included in this pane as well.
61 |
62 | ## Advanced Workflow Types Documentation
63 |
64 | 1. [Passive Workflows](/reference/workflows/passive.md)
65 | 2. Active Workflows - `WORK IN PROGRESS`
66 | 3. [Convert Workflows](/reference/workflows/convert.md)
67 |
--------------------------------------------------------------------------------
/src/concepts/plugins/plugin_basics.md:
--------------------------------------------------------------------------------
1 | # Plugin Basics
2 |
3 | ## What are Plugins?
4 |
5 | **Plugins** provide a way to enhance the functionality of the Caido application by allowing users to develop custom features and components. The ability to create and install plugins allows for modular extension - ensuring that your testing needs are met even if a feature is not available in the default installation.
6 |
7 | Conceptualize them as extended [Workflows](/concepts/essentials/workflows.md): while both provide task automation, plugin development offers a greater level of complexity and flexibility.
8 |
9 | ::: warning
10 | Plugins are community-driven and written by Caido users. Since they are developed and distributed by third parties, Caido makes no warranty on the safety, functionality or quality of any installed plugin.
11 | :::
12 |
13 | Since Caido uses a **client/server architecture**, plugin development consists of the [frontend](/concepts/plugins/frontend.md) and [backend](/concepts/plugins/backend.md) components.
14 |
15 | ## Plugin Packages
16 |
17 | Plugins are installed through plugin packages which can contain one or more plugins. Everything from metadata properties, configuration details, dependency declarations, user-interface elements, function scripts, etc. are included in these packages.
18 |
19 | ::: info
20 | For documentation on the tooling files shared by all plugin starterkits offered by Caido - click [here](/concepts/plugins/plugin_tooling.md).
21 | :::
22 |
23 | ### Manifest
24 |
25 | The `manifest.json` configuration file defines the plugin package structure and also contains metadata used by the Caido installer.
26 |
27 | Which properties are required, and what values they take, depends on the component they are associated with (_frontend or backend_).
28 |
29 | Within the first data object:
30 |
31 | - `id`: Must be **unique** and must only consist of **lowercase** letters, **numbers**, **hyphens** and **underscores** (_the order of which must satisfy the regex: `^[a-z]+(?:[_-][a-z0-9]+)*$`_). This property is **required**.
32 | - `name`: If not supplied, the `id` will be used as the `name`. This property is not subject to the same rules of the `id` property. This property is **optional**.
33 | - `version`: Versioning follows the `MAJOR.MINOR.PATCH` syntax. This property is **required**.
34 | - `description`: A description of the plugin. This property is **optional**.
35 | - `author`: Within this object are the `name`, `email` and `url` properties. These may be supplied for crediting purposes. This property is **optional**.
36 |
37 | Within the `plugins` array:
38 |
39 | - `kind`: Specifies the plugin type: `frontend` or `backend`. This property is **required**.
40 | - `id`: Must be **unique** and must only consist of **lowercase** letters, **numbers**, **hyphens** and **underscores** (_the order of which must satisfy the regex: `^[a-z]+(?:[_-][a-z0-9]+)*$`_). This property is **required**.
41 | - `name`: If not supplied, the `id` will be used as the `name`. This property is not subject to the same rules of the `id` property. This property is **optional**.
42 | - `entrypoint`: Specifies the location of the primary script to be executed when the Caido application/plugin is launched. This property is **required**. **Only one entrypoint file per plugin package is allowed.**
43 | - `style`: Specifies the location of the CSS file to be used to stylize elements of your plugin. This property is **optional**. **Only one style file per plugin package is allowed.**
44 | - `backend`: This object contains the `id` of the associated backend plugin. This property is **required** when linking a frontend plugin to a backend plugin.
45 | - `runtime`: Specifies that JavaScript code will be executed. This property is **required** for backend plugins.
46 |
47 | ::: tip Additional information:
48 |
49 | - Multiple plugins are allowed in the array of each `manifest.json` file.
50 | - The first instance of the `name` property is the cosmetic plugin package name and is displayed in the [Plugins](/reference/features/workspace/plugins.md) table. If the array includes multiple plugins - additional instances of the `name` property are displayed next to the plugins when expanding the parent element by toggling the `>` icon to `∨`.
51 | - The `frontend` directory is generated upon the completion of the build process when using the Vite build tool.
52 | :::
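The rules above can be checked mechanically before a package is built. The checker below is an added example, not part of the Caido documentation or its starterkits; the sample manifest, the error strings and the `runtime: "javascript"` value are constructed for this example (the page only states that `runtime` declares JavaScript execution).

```javascript
// Added example (not Caido's own code): apply the manifest.json rules from
// the documentation to a manifest object and collect every violation.

const ID_RE = /^[a-z]+(?:[_-][a-z0-9]+)*$/; // regex quoted in the docs
const SEMVER_RE = /^\d+\.\d+\.\d+$/; // MAJOR.MINOR.PATCH

function validateManifest(manifest) {
  const errors = [];

  // First data object: id (regex-constrained) and version are required.
  if (!manifest.id) errors.push("package id is required");
  else if (!ID_RE.test(manifest.id)) errors.push(`package id '${manifest.id}' does not match ${ID_RE}`);
  if (!manifest.version) errors.push("version is required");
  else if (!SEMVER_RE.test(manifest.version)) errors.push(`version '${manifest.version}' is not MAJOR.MINOR.PATCH`);

  const plugins = Array.isArray(manifest.plugins) ? manifest.plugins : [];
  if (plugins.length === 0) errors.push("plugins array must contain at least one plugin");

  const seenIds = new Set();
  const backendIds = new Set(plugins.filter((p) => p.kind === "backend").map((p) => p.id));

  for (const p of plugins) {
    const label = p.id || "<missing id>";
    if (!["frontend", "backend"].includes(p.kind)) errors.push(`${label}: kind must be 'frontend' or 'backend'`);
    if (!p.id) errors.push("plugin id is required");
    else if (!ID_RE.test(p.id)) errors.push(`${label}: id does not match ${ID_RE}`);
    if (seenIds.has(p.id)) errors.push(`${label}: duplicate plugin id`);
    seenIds.add(p.id);
    if (!p.entrypoint) errors.push(`${label}: entrypoint is required`);
    // A frontend's backend.id must name a backend plugin declared in the same array.
    if (p.kind === "frontend" && p.backend && !backendIds.has(p.backend.id)) {
      errors.push(`${label}: backend.id '${p.backend.id}' is not a backend plugin in this package`);
    }
    if (p.kind === "backend" && !p.runtime) errors.push(`${label}: runtime is required for backend plugins`);
  }
  return errors;
}

// The docs say name falls back to id when it is not supplied.
function displayName(entry) {
  return entry.name || entry.id;
}

// Constructed sample: one frontend plugin linked to one backend plugin.
const sampleManifest = {
  id: "example-plugin",
  version: "1.0.0",
  plugins: [
    { kind: "frontend", id: "example-frontend", entrypoint: "frontend/index.js", backend: { id: "example-backend" } },
    { kind: "backend", id: "example-backend", entrypoint: "backend/index.js", runtime: "javascript" }, // runtime value assumed
  ],
};

console.log(validateManifest(sampleManifest)); // [] when the manifest is well-formed
```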
53 |
--------------------------------------------------------------------------------
/src/reference/workflows/convert/coding_nodes.md:
--------------------------------------------------------------------------------
1 | # Convert Coding Nodes
2 |
3 | Most Convert Nodes have intuitive inputs that are covered by the [Nodes](/concepts/essentials/workflows/nodes/nodes.md) documentation.
4 |
5 | There are a few exceptions that require further explanation:
6 |
7 | - [JavaScript Node](#javascript-node-sdk)
8 | - [Shell Node](#shell-node)
9 | - [Control Flow Nodes](#control-flow-nodes)
10 |
11 | ## JavaScript Node SDK
12 |
13 | _For advanced documentation on this topic - click [here](/reference/workflows/sdk.md)._
14 |
15 | The `JavaScript Code Node` allows you to run custom scripts in your Convert Workflow. They have a minimal code editor available in the properties pane.
16 |
17 | When a JavaScript Node is executed inside a [Workflow](/concepts/essentials/workflows.md), the `run` function will be triggered.
18 |
19 |
20 |
21 | This function will take the `input` and `sdk` input parameters:
22 |
23 | ```js
24 | export function run(input, sdk) {
25 |   let parsed = sdk.asString(input);
26 |   sdk.console.log(parsed);
27 |   return parsed;
28 | }
29 | ```
30 |
31 | The `sdk` parameter is an object that supplies various functionality for the Caido JS Node SDK.
32 |
33 | ::: info
34 | Below you will find a summary of its various functions, but for now, just know that `sdk.console.log()` is a way to output data for debugging to the [Caido Log File](/reference/configuration/data_location.md).
35 | :::
36 |
37 | The `input` object is a `BytesInput`, which is essentially an array of `number` values, one per index, holding the Unicode codepoints of the text the user selected.
38 |
39 | For example:
40 |
41 | ```js
42 | export function run(input, sdk) {
43 |   sdk.console.log(input)
44 |   ...
45 | }
46 | ```
47 |
48 | If the selected input was `aaa`, this results in:
49 |
50 | ```
51 | 2024-05-26T12:14:13.115630Z INFO executor:0|arbiter:3 JsSdk: [ 97, 97, 97 ]
52 | ```
53 |
54 | being output to the [backend logs](/reference/configuration/data_location.md), since the Unicode codepoint for `a` is `97`.
55 |
56 | In order to get the `String` version of the input, use the `sdk.asString` function, which converts each element of the array into its String character counterpart:
57 |
58 | ```js
59 | let parsed = sdk.asString(input);
60 | ```
61 |
62 | From there you can perform various operations on the input.
63 |
64 | ::: tip
65 |
66 | Additional functionality of `sdk`:
67 |
68 | - `sdk.asString` - convert `BytesInput` object to String.
69 | - `sdk.console` - access to JS console functionality.
70 | - `sdk.console.log` - log data to the console.
71 | - `sdk.console.warn` - log warning data to the console.
72 | - `sdk.console.debug` - log debug data to the console.
73 | - `sdk.console.error` - log error data to the console.
74 | - `sdk.console.requests` - access to the SDK for the Requests service.
75 | - `sdk.console.requests.inScope` - determine whether the current request is in scope or not.
76 |
77 | :::
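A complete Convert node built on the `run(input, sdk)` contract above, as an added example that is not part of the Caido documentation: it decodes the header and payload of a JWT selected in the editor so the claims can be read in place. `mockSdk` and `toBytes` are stand-ins for the real `sdk` object and for Caido's `BytesInput` so the file also runs as a plain Node script; the signature is measured, not verified.

```javascript
// Added example (not Caido's own code): a Convert JavaScript Node that
// decodes a JWT's header and payload from the selected bytes.

// Minimal base64url decoder (also accepts standard base64) so the node does
// not depend on Buffer or atob being available in Caido's JS runtime.
const B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
function base64UrlDecode(segment) {
  let bits = 0, value = 0, out = "";
  for (const ch of segment.replace(/=+$/, "")) {
    const idx = B64URL.indexOf(ch === "+" ? "-" : ch === "/" ? "_" : ch);
    if (idx < 0) throw new Error(`invalid base64url character: ${JSON.stringify(ch)}`);
    value = (value << 6) | idx;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out += String.fromCharCode((value >> bits) & 0xff); // one decoded byte
      value &= (1 << bits) - 1; // keep only the leftover bits
    }
  }
  return out; // bytes as a Latin-1 string, enough for ASCII JSON claims
}

// Stand-ins (assumptions): asString mirrors the documented sdk.asString, and
// toBytes builds a BytesInput the way Caido hands the selection to the node,
// one Unicode codepoint per element ("aaa" becomes [97, 97, 97]).
const mockSdk = {
  asString: (input) => String.fromCodePoint(...input),
  console: { log: (...args) => console.log("JsSdk:", ...args) },
};
const toBytes = (text) => Array.from(text, (c) => c.codePointAt(0));

// Node entrypoint. In Caido this must be exported (`export function run`);
// the keyword is omitted here so the file also runs as a plain script.
function run(input, sdk) {
  const token = sdk.asString(input).trim();
  const parts = token.split(".");
  if (parts.length !== 3) {
    sdk.console.log(`not a JWT: expected 3 segments, got ${parts.length}`);
    return token; // pass the selection through unchanged
  }
  const summary = {
    header: JSON.parse(base64UrlDecode(parts[0])),
    payload: JSON.parse(base64UrlDecode(parts[1])),
    signatureLength: parts[2].length, // 43 chars = 32 raw bytes for HS256
  };
  sdk.console.log(summary);
  return JSON.stringify(summary, null, 2);
}

// Constructed sample: the widely reproduced jwt.io demo token (HS256).
const SAMPLE_TOKEN =
  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." +
  "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ." +
  "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";

console.log(run(toBytes(SAMPLE_TOKEN), mockSdk));
```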
78 |
79 | ## Shell Node
80 |
81 | The `Shell Node` allows you to call external programs in the Workflow.
82 |
83 |
84 |
85 | Depending on the platform on which Caido is running (Unix/Windows/MacOS) you will have access to different shells:
86 |
87 |
88 |
89 | - Select your shell from the drop-down menu.
90 | - For some shells, Caido will try to source the default `.[shell]rc` file in your home directory. If that doesn't work for you, you can manually override the `Init`.
91 |
92 | Data is received via `STDIN` and is expected to output on `STDOUT`. The `STDERR` will be printed in the [backend logs](/reference/configuration/data_location.md). The command should also exit with `0`.
93 |
94 | ::: tip
95 | If you're running Caido on Windows and you'd like to call out to WSL for the shell node, use the following to trigger in the WSL environment:
96 |
97 | ```
98 | wsl -- YOUR_COMMAND
99 | ```
100 |
101 | :::
102 |
103 | ## Control Flow Nodes
104 |
105 | Control Flow Nodes allow you to take various paths based on conditions.
106 |
107 | ### If/Else Node
108 |
109 | The `If/Else Node` can split the Workflow into two paths of action - based on the Boolean evaluation of a previous Node.
110 |
111 | ### If/Else JavaScript Node
112 |
113 | The `If/Else JavaScript Node` is very similar to the `JavaScript Code Node`, with the exception that **it must return a Boolean value**.
114 |
115 | ```javascript
116 | export function run(input, sdk) {
117 |   return false;
118 | }
119 | ```
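The Boolean requirement is easy to violate by accident: a truthy value is not a Boolean. The added example below (not from the Caido documentation) shows an If/Else JavaScript node that branches on whether the selection is shaped like a JWT, beside the common mistake, with a mock `sdk` that is an assumption standing in for the real one.

```javascript
// Added example (not Caido's own code): an If/Else JavaScript Node predicate.

// Three dot-separated base64url segments (the last may be empty for alg none).
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;

// Wrong: String.prototype.match returns an array or null. That is truthy or
// falsy, but it is not a Boolean, so the node contract is not met.
function runWrong(input, sdk) {
  return sdk.asString(input).trim().match(JWT_SHAPE);
}

// Right: RegExp.prototype.test returns exactly true or false.
// In Caido this must be exported as `export function run`.
function run(input, sdk) {
  return JWT_SHAPE.test(sdk.asString(input).trim());
}

// Stand-ins (assumptions) for sdk.asString and for Caido's BytesInput.
const mockSdk = { asString: (input) => String.fromCodePoint(...input) };
const toBytes = (text) => Array.from(text, (c) => c.codePointAt(0));

// Local check a node author can run before pasting the script into the editor.
function returnsBoolean(fn, text) {
  return typeof fn(toBytes(text), mockSdk) === "boolean";
}

console.log(returnsBoolean(run, "aaa.bbb.ccc"), returnsBoolean(runWrong, "aaa.bbb.ccc"));
```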
120 |
121 | ::: info
122 | The development of Nodes will be ongoing and new nodes will be included in future Caido releases.
123 | :::
124 |
--------------------------------------------------------------------------------
/src/quickstart/beginner_guide/first_steps_with_caido/automate.md:
--------------------------------------------------------------------------------
1 | # Automating Brute-Forcing/Fuzzing
2 |
3 | ## Automate
4 |
5 | ::: tip
6 | To send a request to `Automate`, either right-click inside the request pane of `Intercept` or `HTTP History` or focus the request pane and use `CTRL+M`.
7 | :::
8 |
9 |
10 |
11 | 1. Select the `Automate` tab from the left-hand menu within the Caido window.
12 | 2. Select the [Attack Strategy](#attack-strategies).
13 | 3. Highlight the element(s) you wish to brute-force/fuzz.
14 | 4. Once the element is highlighted - click `+` to convert it to a placeholder. **_You can remove a placeholder/placeholders by selecting them and then clicking `-` or you can clear all placeholders by clicking `Clear`._**
15 | 5. Select a [Payload Type](#payload-types), apply [Preprocessors](#preprocessors) and set additional [Settings](#settings) within this pane.
16 | 6. Click `Run` when your automation campaign is configured to begin brute-forcing/fuzzing.
17 | 7. The configuration tab as well as the associated results tab will be paired next to each other here.
18 |
19 | ## Automate Results
20 |
21 | To inspect the results of your `Automate` campaign - proceed with the following steps:
22 |
23 |
24 |
25 | 1. Click the paired tab.
26 | 2. Each request will be displayed in this pane.
27 | 3. This pane will display the selected request and its associated response.
28 | 4. This is the resulting list of options presented after right-clicking within the request pane.
29 | 5. The [HTTPQL query](/concepts/essentials/httpql.md) input bar.
30 |
31 | ## Attack Strategies
32 |
33 | Caido currently provides the following attack `Strategies`:
34 |
35 |
36 |
37 | - **Sequential** _(Sniper)_: This will replace markers one at a time. If you have multiple markers, **only one** will be replaced for any given request.
38 | - **All** _(Battering Ram)_: This will replace all the markers with the same value.
39 | - **Parallel** _(Pitchfork)_: This will replace all the markers with different values from the different payloads. This requires payloads that each have the same number of elements.
40 | - **Matrix** _(Cluster Bomb)_: This will replace all the markers with all the combinations of payloads. Payloads can have different number of elements, but beware that this can create a large number of requests.
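How the four strategies expand placeholders, and how many requests each will send, is shown by the added example below; it is not part of the Caido documentation. The `§index:original§` placeholder syntax, the template and the payload lists are constructed for this example (Caido's real placeholders are created in its editor), and `requestCount` sizes a campaign before anything is run.

```javascript
// Added example (not Caido's own code): expand a request template under each
// Automate strategy. A placeholder is written §i:original§, where `original`
// is the text that was highlighted and is kept when the marker is not replaced.
function fill(template, values) {
  return template.replace(/§(\d+):([^§]*)§/g, (m, i, original) =>
    values[i] === undefined ? original : values[i]);
}

// Sequential (Sniper): one marker at a time, one payload list per marker.
function sequential(template, payloads) {
  const out = [];
  payloads.forEach((list, i) => list.forEach((v) => out.push(fill(template, { [i]: v }))));
  return out;
}

// All (Battering Ram): every marker receives the same value from one list.
function all(template, markerCount, payload) {
  return payload.map((v) => fill(template, Array(markerCount).fill(v)));
}

// Parallel (Pitchfork): marker i takes the k-th value of list i; lists must match in length.
function parallel(template, payloads) {
  const n = payloads[0].length;
  if (!payloads.every((l) => l.length === n)) throw new Error("Parallel needs equal-length payloads");
  return Array.from({ length: n }, (_, k) => fill(template, payloads.map((l) => l[k])));
}

// Matrix (Cluster Bomb): cartesian product of all lists; grows multiplicatively.
function matrix(template, payloads) {
  const combos = payloads.reduce((acc, list) => acc.flatMap((c) => list.map((v) => [...c, v])), [[]]);
  return combos.map((c) => fill(template, c));
}

// Number of requests a strategy will send, without generating them.
function requestCount(strategy, payloads) {
  const sizes = payloads.map((l) => l.length);
  switch (strategy) {
    case "sequential": return sizes.reduce((a, b) => a + b, 0);
    case "all": return sizes[0];
    case "parallel":
      if (!sizes.every((s) => s === sizes[0])) throw new Error("Parallel needs equal-length payloads");
      return sizes[0];
    case "matrix": return sizes.reduce((a, b) => a * b, 1);
    default: throw new Error(`unknown strategy ${strategy}`);
  }
}

// Constructed sample: a query string with two placeholders.
const TEMPLATE = "id=§0:1§&page=§1:home§";
const IDS = ["7", "8"];
const PAGES = ["a", "b", "c"];

for (const s of ["sequential", "matrix"]) console.log(s, requestCount(s, [IDS, PAGES]));
```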
41 |
42 | ## Payload Types
43 |
44 | For each payload, you can choose a `Type` from the list:
45 |
46 |
47 |
48 | - **Hosted File:** Allows you to select one of the files you had previously uploaded to the Caido Instance. View the [Files](/reference/features/workspace/files.md) documentation for more information.
49 | - **Simple List:** For cases where you want to test a short manually created list of elements.
50 | - **Null Payload:** Generate requests without changing anything in it.
51 | - **Numbers:** Generates a range of specified integers to use as a payload.
52 |
53 | ## Preprocessors
54 |
55 | Preprocessors enable you to apply additional modifications to the payloads.
56 |
57 |
58 |
59 | - **Workflow**: Select a default or custom made Workflow to apply to the requests that will be sent in your campaign. View the [Workflow](/reference/workflows/workflows.md) documentation for more information.
60 | - **URL Encode**: This option includes an input bar in which you can supply characters to URL encode before the requests of your campaign are sent. There is also a checkbox to toggle between encoding/not encoding non-ASCII characters.
61 | - **Prefix**: Allows you to prefix a payload value with a supplied value.
62 | - **Suffix**: Allows you to append a supplied suffix value to a payload value.
63 |
64 |
73 |
74 | - **Close Connection:** Toggle between keeping the socket connection or closing the socket connection after the paired response to a request is received.
75 | - **Update Content-Length:** Automatically update the value of the Content-Length header to account for the payload.
76 | - **Delay (ms) between requests:** The time in milliseconds to sleep between forwarding requests.
77 | - **# of workers:** The number of threads to run.
78 | - **Delay (ms) before retry:** The time in milliseconds to sleep until retrying a failed request.
79 | - **Max retries:** The number of reattempts to perform upon a failed request before moving on to the following requests.
80 |
--------------------------------------------------------------------------------
/diagrams/data/Color_In_Scope_GET_Requests_Example.json:
--------------------------------------------------------------------------------
1 | {
2 | "description": "The example given in the Passive Workflows documentation section. Sets color of GET requests to navy blue.",
3 | "edition": 2,
4 | "graph": {
5 | "edges": [
6 | {
7 | "source": {
8 | "exec_alias": "exec",
9 | "node_id": 3
10 | },
11 | "target": {
12 | "exec_alias": "exec",
13 | "node_id": 1
14 | }
15 | },
16 | {
17 | "source": {
18 | "exec_alias": "exec",
19 | "node_id": 2
20 | },
21 | "target": {
22 | "exec_alias": "exec",
23 | "node_id": 4
24 | }
25 | },
26 | {
27 | "source": {
28 | "exec_alias": "exec",
29 | "node_id": 0
30 | },
31 | "target": {
32 | "exec_alias": "exec",
33 | "node_id": 6
34 | }
35 | },
36 | {
37 | "source": {
38 | "exec_alias": "true",
39 | "node_id": 6
40 | },
41 | "target": {
42 | "exec_alias": "exec",
43 | "node_id": 2
44 | }
45 | },
46 | {
47 | "source": {
48 | "exec_alias": "false",
49 | "node_id": 6
50 | },
51 | "target": {
52 | "exec_alias": "exec",
53 | "node_id": 1
54 | }
55 | },
56 | {
57 | "source": {
58 | "exec_alias": "false",
59 | "node_id": 4
60 | },
61 | "target": {
62 | "exec_alias": "exec",
63 | "node_id": 1
64 | }
65 | },
66 | {
67 | "source": {
68 | "exec_alias": "true",
69 | "node_id": 4
70 | },
71 | "target": {
72 | "exec_alias": "exec",
73 | "node_id": 3
74 | }
75 | }
76 | ],
77 | "nodes": [
78 | {
79 | "alias": "on_intercept_request",
80 | "definition_id": "caido/on-intercept-request",
81 | "display": {
82 | "x": 10,
83 | "y": -180
84 | },
85 | "id": 0,
86 | "inputs": [],
87 | "name": "On intercept request",
88 | "version": "0.1.0"
89 | },
90 | {
91 | "alias": "passive_end",
92 | "definition_id": "caido/passive-end",
93 | "display": {
94 | "x": 240,
95 | "y": 460
96 | },
97 | "id": 1,
98 | "inputs": [],
99 | "name": "Passive End",
100 | "version": "0.1.0"
101 | },
102 | {
103 | "alias": "matches_httpql",
104 | "definition_id": "caido/httpql-matches",
105 | "display": {
106 | "x": 10,
107 | "y": 50
108 | },
109 | "id": 2,
110 | "inputs": [
111 | {
112 | "alias": "query",
113 | "value": {
114 | "data": "req.method.eq:\"GET\"",
115 | "kind": "string"
116 | }
117 | },
118 | {
119 | "alias": "request",
120 | "value": {
121 | "data": "$on_intercept_request.request",
122 | "kind": "ref"
123 | }
124 | }
125 | ],
126 | "name": "Matches HTTPQL",
127 | "version": "0.1.0"
128 | },
129 | {
130 | "alias": "set_color",
131 | "definition_id": "caido/color-set",
132 | "display": {
133 | "x": 10,
134 | "y": 300
135 | },
136 | "id": 3,
137 | "inputs": [
138 | {
139 | "alias": "request",
140 | "value": {
141 | "data": "$on_intercept_request.request",
142 | "kind": "ref"
143 | }
144 | },
145 | {
146 | "alias": "color",
147 | "value": {
148 | "data": "#185a6c",
149 | "kind": "string"
150 | }
151 | }
152 | ],
153 | "name": "Set Color",
154 | "version": "0.1.0"
155 | },
156 | {
157 | "alias": "if_else",
158 | "definition_id": "caido/if-else",
159 | "display": {
160 | "x": 10,
161 | "y": 180
162 | },
163 | "id": 4,
164 | "inputs": [
165 | {
166 | "alias": "condition",
167 | "value": {
168 | "data": "$matches_httpql.matches",
169 | "kind": "ref"
170 | }
171 | }
172 | ],
173 | "name": "If/Else",
174 | "version": "0.1.0"
175 | },
176 | {
177 | "alias": "in_scope",
178 | "definition_id": "caido/in-scope",
179 | "display": {
180 | "x": 10,
181 | "y": -60
182 | },
183 | "id": 6,
184 | "inputs": [
185 | {
186 | "alias": "request",
187 | "value": {
188 | "data": "$on_intercept_request.request",
189 | "kind": "ref"
190 | }
191 | }
192 | ],
193 | "name": "In Scope",
194 | "version": "0.1.0"
195 | }
196 | ]
197 | },
198 | "id": "10d89306-ae4c-4759-a509-beee8fad15fd",
199 | "kind": "passive",
200 | "name": "Color In-Scope GET Requests Example"
201 | }
--------------------------------------------------------------------------------
/src/quickstart/showcase.md:
--------------------------------------------------------------------------------
1 | # Showcase
2 |
3 | Our awesome community has put together many guides and videos! 🎉
4 |
5 | If you want your contributions to appear here, please follow the [Contribution Guidelines](/guides/contributions/documentation.md)!
6 |
7 | ::: info
8 | Please note that these videos are not endorsed by Caido.
9 | :::
10 |
11 | ## Reviews
12 |
13 |
81 | ## Additional Information
82 |
83 | ::: tip TIPS
84 |
85 | - Clicking the column names (_located at the top and spanning horizontally_) within the results payload list pane will sort the requests by the selected column category. View the [Sorting by Properties](/reference/features/overview/sorting.md) documentation for more information.
86 | - Clicking the `{}` button will toggle the Pretty/Raw display option.
87 | - If you have installed the rendering engine - clicking the image icon located at the top-right corner of the response pane will present a visual representation of the response. View the [Basic Configuration](/quickstart/beginner_guide/setup/config.md) documentation for more information.
88 |
89 | :::
90 |
--------------------------------------------------------------------------------