Hello Caido 👋🏼

Recently, Caido, a Rust-based web analysis proxy, finally transitioned to Public Beta. During its Private Beta it was picked up by some Bug Bounty Hunters and garnered a lot of attention thanks to its sleek UI and reported speed.

Today, I'll take a look at what kind of tool Caido is, how it can be used, and share my findings.

Overview

Caido is a tool focused on Manual Testing, promoting its speed as a key advantage. Being Rust-based, that advantage will likely grow as the volume of captured traffic increases and the processing on it becomes heavier.

It provides the following essential features for testing. While it may not suit every testing methodology, it has pretty much all the functions needed for basic manual testing.

  • Sitemap
  • Forward
  • Intercept
  • Replay
  • Automate
  • Tamper
  • Convert
  • History
  • Scope

It seems unnecessary to write about everything, so I'll focus on the key features of Sitemap, Replay, and Automate.

Take a look

Sitemap

The sitemap structure is similar to ZAP's. It provides a tree view of the site, its corresponding history, and a window to view requests/responses. Overall, it's very clean.

Right-clicking allows you to "Send to" Replay or Automate.

Replay

Replay is a feature similar to Burp's Repeater or ZAP's Requester/Manual Request: you can edit and resend requests. What's interesting is that it supports organizing requests into collections out of the box, so you can place the requests you want to revisit into the respective collections for review.

It resembles Burp Suite's Repeater and also has a slight resemblance to Stepper.

Another interesting point is that data sent from Replay has a history. You can use the arrow buttons below to check previous requests and responses.

This is a really great feature.

Automate

Automate is a feature for Fuzzing, in the same vein as Burp's Intruder and ZAP's Fuzzer. Its appearance resembles ZAP's Fuzzer but is more intuitive, though with slightly fewer features.

You can test based on files or lists and specify an Attack Strategy, allowing for various forms of testing depending on the purpose.

GraphQL Endpoint

Caido provides a GraphQL Endpoint. The queryable parts are quite detailed, which seems great for creating and using other connected tools.

My personal guess is that they recognized the inconvenience of the Java-based addons (or scripting with JRuby, Jython, etc.) that Burp and ZAP rely on, and aimed to provide an easier API. ZAP also offers a very detailed REST API, enabling API-based usage even without addons. I think Caido might be heading in a broadly similar direction.

Roadmap

https://github.com/orgs/caido/projects/4/views/20

The Caido team makes good use of GitHub Projects. By checking it, you can predict the future direction and refinement of the tool. :D

Conclusion

At this stage, it absolutely cannot be better than Burp Suite or ZAP. The project duration and scale are different, and I believe these two have a level of technology and accumulated know-how that is difficult for a latecomer project to catch up with.

Take Burp Suite's Scanning Engine and ZAP's Scripting Engine: even setting aside every other feature, just one engine from each gives these two tools a tremendous advantage.

However, the emergence of a competitor, even a small one, is always welcome, as it greatly influences the development of all the tools. One of my many personal goals is to create a mitmproxy-based analysis tool, and I think I've drawn a lot of inspiration from Caido.

For now, I'll use it more as a secondary tool, and if it proves to be good, I'll share some tips on how to use Caido effectively. :D