3/3/2023 - Caido

The superior alternative to Burp Suite

Overview

As someone interested in reverse engineering & web hacking (legally), I found myself using Burp Suite to proxy requests. Not only was this intensive for long periods of time on my PC, but I only had the community edition, so my features were limited. That being said, Burp Suite was an amazing tool, including proxy requests, repeater, intruder, request forgery, and a plethora of other tools heavily utilized in web app hacking.

Caido is new to the scene for hackers. It is a 'lightweight web security auditing toolkit' built in Rust. I've been using the free version for a few days and have fallen in love with it. Setup was a breeze (< 2 min), the UI is intuitive, and it has been extremely helpful for my use cases. My favorite thing is that it is so young in terms of development, and their roadmap looks very promising. This tool was built by many devs, but most 'famously' and heavily influenced by Corb3nik (Ian Bouchard), a highly skilled hacker in the bug bounty / hacking community.

Purpose

Caido offers a range of tools for the everyday web hacker. In the words of Corb3nik himself:

These past few months, we’ve been working on the features most used by the community so far: intercepting, replaying, filtering and scoping requests; generating sitemaps; and automating requests. As for the near future, we have a lot of features we’re looking forward to:

  • An easy-to-use plugin system that would allow users to make plugins without prior programming experience

  • An evidence box to share requests/notes between users

  • An OOB service for DNS/HTTP exfiltration

How is this beneficial to me as a developer?

As a developer / wannabe hacker, I wonder what new and exciting tools are out there. I hated the UI and lag that Burp Suite gave me, so this was a perfect matchup. I didn't use Burp to the max, but I feel like Caido has already been better for me as a hacker who is trying to learn the ropes.
