diff --git a/.vitepress/sidebars/app/concepts.ts b/.vitepress/sidebars/app/concepts.ts index 10d109ce..b4269411 100644 --- a/.vitepress/sidebars/app/concepts.ts +++ b/.vitepress/sidebars/app/concepts.ts @@ -33,6 +33,10 @@ export const conceptsSidebar: DefaultTheme.SidebarItem[] = [ text: "Authentication", link: "/app/concepts/instance_authentication", }, + { + text: "Collaboration", + link: "/app/concepts/collaboration", + }, ], }, { diff --git a/src/app/concepts/cloud.md b/src/app/concepts/cloud.md index f54a4380..52b69335 100644 --- a/src/app/concepts/cloud.md +++ b/src/app/concepts/cloud.md @@ -34,7 +34,7 @@ The data collected as you use Caido (_IP address and API call actions/timestamps We also have opt-out analytics for UI interactions performed within the application. We NEVER collect project data, HTTP requests, payloads, etc. -## Endpoints used +## Endpoints Used If you need to whitelist endpoints, here are all the endpoints we use: diff --git a/src/app/concepts/collaboration.md b/src/app/concepts/collaboration.md new file mode 100644 index 00000000..247a8ffb --- /dev/null +++ b/src/app/concepts/collaboration.md @@ -0,0 +1,33 @@ +--- +description: "Understand the pros and cons of both collaboration via shared instances and collaboration via the Drop plugin." +--- + +# Collaboration + +Besides sharing the same device, there are two ways to collaborate with other users using Caido: **remote hosting** and the **Drop** plugin. + +## Remote Hosting + +By remote hosting an instance, multiple users can access it from their own local devices, either sequentially or simultaneously. This allows for a shared workspace where all users view the same data. + +However, since all users are working on the same data, if one user makes certain changes to the instance, it will be reflected for all other users. + +While many Caido features retain a history of changes, other actions, such as deleting a project entirely, are irreversible. + +So, while shared remote instances can be advantageous as they provide each user with the full context of an assessment, this can also be a disadvantage as a lack of coordination and communication between users can lead to data loss. + +::: tip +[Learn how to host an instance remotely.](/app/tutorials/remote.md) +::: + +## Drop + +The Drop plugin allows for more granular collaboration as each user operates within their own instance and shares specific data with others over a secure end-to-end encrypted channel. + +This ensures that each user can work on their own data without affecting others. + +However, since all data is shared manually, it can become a disadvantage as doing so can be time-consuming. + +::: tip +[Learn how to use the Drop plugin.](/app/tutorials/drop.md) +::: diff --git a/src/app/concepts/instance.md b/src/app/concepts/instance.md index ac7918eb..3374a190 100644 --- a/src/app/concepts/instance.md +++ b/src/app/concepts/instance.md @@ -4,7 +4,7 @@ description: "Understand the core concepts behind Caido instances - the client/s # Instance -An Instance of Caido is effectively a directory on disk that contains the settings, projects, secrets, plugins, etc. that are created by Caido at runtime. +An **instance** of Caido is effectively a directory on disk that contains the settings, projects, secrets, plugins, etc. that are created by Caido at runtime. This abstraction allows you to manage multiple, separate instances of Caido on a single device. @@ -12,7 +12,7 @@ This abstraction allows you to manage multiple, separate instances of Caido on a ### Local Instances -A local instance runs on the same computer as you. Effectively, we will manage the [caido cli](./cli_vs_desktop.md) for you in the background. +A local instance runs on the same computer as you. Effectively, we will manage the [Caido CLI](./cli_vs_desktop.md) for you in the background. Additional local instances can be created using either the standalone Caido CLI or desktop application by [changing the data storage location](/app/guides/data_location.md). diff --git a/src/app/concepts/instance_authentication.md b/src/app/concepts/instance_authentication.md index e64d8a2e..bbba970f 100644 --- a/src/app/concepts/instance_authentication.md +++ b/src/app/concepts/instance_authentication.md @@ -8,7 +8,7 @@ Although the API is authenticated, the proxy traffic is currently unprotected. W Authentication in Caido is based on [OAuth 2.0](https://www.rfc-editor.org/rfc/rfc6749) protocol. -## User authentication +## User Authentication Like we mentioned in [instance registration](./instance_registration.md), each Caido instance registers itself with our Cloud as an `OAuth 2.0 client`. @@ -26,7 +26,7 @@ We do not make any guarantees on the lifetime of the tokens. Currently the access token is valid for 7 days and the refresh token is valid for 3 months. ::: -## Instance authentication +## Instance Authentication Under the cover, the instance will also perform a Client Credentials flow to have a token to identify itself with the cloud. This allows the instance to retrieve metadata like the [Workspace](/dashboard/concepts/workspace) in which it lives. diff --git a/src/app/concepts/instance_registration.md b/src/app/concepts/instance_registration.md index 08846ce5..8ac30dad 100644 --- a/src/app/concepts/instance_registration.md +++ b/src/app/concepts/instance_registration.md @@ -5,7 +5,7 @@ At this stage the instance is considered "unclaimed", meaning that **anybody** w You can **only** log into an instance if it has been claimed. -## Human claim +## Human Claim On initial the login, if it the instance is "unclaimed", you can claim it. This is the same idea if you [reset the credentials](/app/troubleshooting/authentication.html#reset-the-instance-credentials) of your instance. @@ -42,7 +42,7 @@ For Teams, you can also automatically claim new instances using [Registration Ke This ensures that all the instances are safe even if no human is involved in the deployment. -Currently you need to use the [caido cli](./cli_vs_desktop.md) to pass the Registration Key to the instance. +Currently you need to use the [Caido CLI](./cli_vs_desktop.md) to pass the Registration Key to the instance. You can use either the `--registration-key` flag or the environment variable `CAIDO_REGISTRATION_KEY`. The flow usually looks like: diff --git a/src/app/concepts/pat.md b/src/app/concepts/pat.md index 501e2dda..4115221e 100644 --- a/src/app/concepts/pat.md +++ b/src/app/concepts/pat.md @@ -12,7 +12,7 @@ All Caido PATs use the `caido_` prefix, making them easy to identify and manage Each PAT is tied to the user who created it and acts with the same level of permissions as that user. ::: -## How it works +## How It Works When you log into a Caido instance through the browser or desktop application, a Device Authorization flow takes place. You are redirected to the [Dashboard](https://dashboard.caido.io) to manually approve a consent form. A PAT replaces that manual approval step, making the entire authentication process automated. @@ -26,7 +26,7 @@ When you log into a Caido instance through the browser or desktop application, a From this point forward, the session behaves identically to a browser-based login. The access token authenticates subsequent API calls and the refresh token is used to renew it when it expires. -## Resource ownership +## Resource Ownership A PAT can be created to access resources under your own account or under a specific Team. When you [create a PAT](/dashboard/guides/create_pat) for a Team, it operates within that Team's [Workspace](/dashboard/concepts/workspace) and can access the Team's instances, members, and subscription resources. A PAT created for yourself can only access your personal resources. @@ -34,7 +34,7 @@ A PAT can be created to access resources under your own account or under a speci Team admins can view PATs created for their Team, but only the creator of a PAT can revoke it. ::: -## Security considerations +## Security Considerations - **Always set an expiration date** when [creating a PAT](/dashboard/guides/create_pat). Open-ended tokens increase your risk exposure if they are leaked. - **Treat PATs like passwords.** Store them in environment variables or a secret management system. Never commit them to source code. diff --git a/src/app/quickstart/plugins.md b/src/app/quickstart/plugins.md index bec80ded..2ae40e87 100644 --- a/src/app/quickstart/plugins.md +++ b/src/app/quickstart/plugins.md @@ -4,7 +4,7 @@ description: "A step-by-step guide to Caido's Plugins interface for installing a # Plugins -The `Plugins` interface allows you to install and manage plugin packages in Caido. These packages extend Caido's functionality, offering high degree of customization. +The `Plugins` interface allows you to install and manage plugin packages in Caido. These packages extend Caido's functionality, offering a high degree of customization. ::: tip Video Demonstration --- diff --git a/src/app/tutorials/index.md b/src/app/tutorials/index.md index 273213f4..dee585a2 100644 --- a/src/app/tutorials/index.md +++ b/src/app/tutorials/index.md @@ -20,12 +20,6 @@ Please note that these videos are not endorsed by Caido.
-
-
- Try Hack Me Tutorial: OWASP Top 10 -
- By: Tyler Ramsbey -
@@ -38,12 +32,6 @@ Please note that these videos are not endorsed by Caido.
-
-
- Hack The Box Tutorial: Intranet -
- By: Tyler Ramsbey -
diff --git a/src/burp-suite/core/ai.md b/src/burp-suite/core/ai.md index ca16513c..692b411a 100644 --- a/src/burp-suite/core/ai.md +++ b/src/burp-suite/core/ai.md @@ -8,7 +8,7 @@ Burp Suite Pro AI features and their Caido equivalents. ## Available -### Generating AI-powered explanations +### Generating AI-Powered Explanations Burp can generate natural-language explanations of HTTP requests and responses from Repeater. @@ -46,7 +46,7 @@ Caido does not ship a single bundled AI product like Burp AI. Use **Shift** (inc - [Shift Tutorial](/app/tutorials/shift.md) - [Chatio](https://github.com/caido-community/Chatio) (GitHub) -### Automating tasks with custom actions +### Automating Tasks with Custom Actions Burp AI custom actions automate repetitive Repeater tasks with prompts and predefined workflows. @@ -61,7 +61,7 @@ Caido offers **Shift Agents** to assign autonomous background tasks to a model, ## Not Available -### AI credits +### AI Credits Burp tracks AI usage through a credits system tied to your PortSwigger subscription. diff --git a/src/burp-suite/core/browser-and-setup.md b/src/burp-suite/core/browser-and-setup.md index ac588adc..2ef3cd21 100644 --- a/src/burp-suite/core/browser-and-setup.md +++ b/src/burp-suite/core/browser-and-setup.md @@ -8,7 +8,7 @@ Burp Suite Pro browser integration, transport, and setup features and their Caid ## Available -### Testing mobile applications +### Testing Mobile Applications Burp proxies traffic from iOS and Android devices through the intercepting proxy. @@ -21,7 +21,7 @@ Caido supports proxying mobile device traffic the same way as Burp: install Caid - [Importing CA Certificates](/app/guides/ca_certificate_importing.md) - [Android Introduction Tutorial](/app/tutorials/android_introduction.md) -### External browser configuration +### External Browser Configuration Burp lets you use a system browser other than its embedded browser with the proxy. @@ -33,7 +33,7 @@ Caido supports using a **preconfigured browser** or manually set any browser's p - [FoxyProxy Guide](/app/guides/foxyproxy.md) - [ZeroOmega Guide](/app/guides/zeroomega.md) -### Invisible proxying +### Invisible Proxying Burp forwards non-proxy-aware clients through the proxy without explicit proxy configuration. @@ -44,7 +44,7 @@ Caido offers an **Invisible Proxy** setup to intercept traffic from clients that - [Invisible Proxy Tutorial](/app/tutorials/invisible_proxy.md) - [Invisible Proxying Guide](/app/guides/invisible_proxying.md) -### Managing CA certificates +### Managing CA Certificates Burp lets you install and manage its CA certificate for intercepting HTTPS traffic. @@ -58,7 +58,7 @@ Caido lets you export and install its CA certificate from **Settings → Network ## Indirectly Available -### Burp's browser +### Burp's Browser Burp ships a Chromium-based browser preconfigured to proxy through Burp with DOM Invader integration. diff --git a/src/burp-suite/core/overview.md b/src/burp-suite/core/overview.md index 05ece5fd..ccb98596 100644 --- a/src/burp-suite/core/overview.md +++ b/src/burp-suite/core/overview.md @@ -6,14 +6,14 @@ description: "Map Burp Suite Pro built-in features to Caido." This section maps **Burp Suite Pro** built-in tools and product features to Caido. -## How to use this section +## How to Use This Section -1. **Search by Burp name** — Use the site search or your browser's find-in-page for the Burp feature you used (for example, `Intruder`, `HTTP history`, or `Collaborator`). +1. **Search by Burp feature name** — Use the site search or your browser's find-in-page for the Burp feature you used (for example, `Intruder`, `HTTP history`, or `Collaborator`). 2. **Open the matching page** — Pick the page that best fits what you used in Burp. New to Caido? Start with [Browser & Setup](/burp-suite/core/browser-and-setup), then [Tools](/burp-suite/core/tools). 3. **Read the mapping** — Entries are grouped under **Available**, **Indirectly Available**, and **Not Available**. Each entry explains the Caido equivalent, how it differs from Burp, and links under **Resources**. ::: tip New to Caido? -After finding your equivalents, continue with the [Application quickstart](/app/quickstart/). +After finding your equivalents, continue with the [application quickstart](/app/quickstart/). ::: ## Pages diff --git a/src/burp-suite/core/project-and-configuration.md b/src/burp-suite/core/project-and-configuration.md index 07823ab1..7ebb53f7 100644 --- a/src/burp-suite/core/project-and-configuration.md +++ b/src/burp-suite/core/project-and-configuration.md @@ -8,7 +8,7 @@ Burp Suite Pro project files, session handling, and configuration features and t ## Available -### Project files +### Project Files Burp saves and restores project state including traffic, site map, and configuration. @@ -23,7 +23,7 @@ Caido offers native **Workspaces** to manage projects and persist traffic, scope ## Indirectly Available -### Session handling rules +### Session Handling Rules Burp automatically modifies requests based on session state using macros and rules. @@ -49,7 +49,7 @@ Caido offers **Workflows** as the equivalent for defining sequences of actions - [Creating Workflows](/app/guides/workflows_creating.md) - [Refresh Authentication Tutorial](/app/tutorials/refresh_authentication.md) -### Configuration library +### Configuration Library Burp exports specific settings as shareable configuration files and saves configuration profiles for reuse across projects. diff --git a/src/burp-suite/core/reporting.md b/src/burp-suite/core/reporting.md index 1da4c73d..372d0e21 100644 --- a/src/burp-suite/core/reporting.md +++ b/src/burp-suite/core/reporting.md @@ -8,7 +8,7 @@ Burp Suite Pro reporting and export features and their Caido equivalents. ## Indirectly Available -### Generating a report +### Generating a Report Burp exports scan results and findings as formatted HTML or XML reports. diff --git a/src/burp-suite/core/scans.md b/src/burp-suite/core/scans.md index e7615346..fc5dcb47 100644 --- a/src/burp-suite/core/scans.md +++ b/src/burp-suite/core/scans.md @@ -19,7 +19,7 @@ Caido offers the community **Scanner** plugin for automated vulnerability scanni - [Scanner](https://github.com/caido-community/scanner) (GitHub) - [Scanner Tutorial](/app/tutorials/scanner.md) -### Configuring scans +### Configuring Scans Burp lets you adjust scan speed, insertion points, and audit checks for Scanner. @@ -30,7 +30,7 @@ Caido lets you configure scan behavior through the **Scanner** plugin's custom c - [Scanner: Custom Checks](https://github.com/caido-community/scanner#check-definition) (GitHub) - [Workflows](/app/quickstart/workflows.md) -### Running scans +### Running Scans Burp launches full crawl-and-audit or targeted scans against web applications. @@ -42,7 +42,7 @@ Caido supports running active scans with the **Scanner** plugin and targeted fuz - [Automate](/app/quickstart/automate.md) - [Scanner Tutorial](/app/tutorials/scanner.md) -### Scanning specific HTTP messages +### Scanning Specific HTTP Messages Burp runs an audit against selected requests rather than an entire site. @@ -54,7 +54,7 @@ Caido lets you send selected requests from **HTTP History** to the **Scanner** p - [Scanner](https://github.com/caido-community/scanner) (GitHub) - [Automate](/app/quickstart/automate.md) -### Viewing scan results +### Viewing Scan Results Burp lets you review discovered issues, audit items, and event logs from scans. @@ -67,7 +67,7 @@ Caido lets you review results in native **Findings** and the **Scanner** plugin' ## Indirectly Available -### Live tasks +### Live Tasks Burp runs continuous background crawling and auditing of in-scope traffic as you browse. @@ -79,7 +79,7 @@ Caido offers native **Passive Workflows** for real-time traffic analysis as you - [Workflows](/app/quickstart/workflows.md) - [Scanner](https://github.com/caido-community/scanner) (GitHub) -### Application logins +### Application Logins Burp lets you provide credentials or recorded login sequences so Scanner can test authenticated areas. @@ -95,7 +95,7 @@ Caido lets you store credentials in native **Environment Variables**, record log ## Not Available -### Resource pools +### Resource Pools Burp limits concurrent scan threads to control resource usage during scans. diff --git a/src/burp-suite/core/target-and-scope.md b/src/burp-suite/core/target-and-scope.md index bddde32c..3576f3d9 100644 --- a/src/burp-suite/core/target-and-scope.md +++ b/src/burp-suite/core/target-and-scope.md @@ -20,7 +20,7 @@ Caido splits target management across native **Sitemap**, **Scopes**, and **Find - [Scopes](/app/quickstart/scopes.md) - [Findings](/app/quickstart/findings.md) -### Site map +### Sitemap Burp displays a tree view of discovered hosts, directories, and endpoints. @@ -44,7 +44,7 @@ Caido offers native **Scopes** to define in-scope hosts. Scoped traffic can be h - [Defining Scopes](/app/guides/scopes_defining.md) - [Applying Scopes](/app/guides/scopes_applying.md) -### Issue definitions +### Issue Definitions Burp lets you customize how Scanner reports and categorizes issue types. @@ -56,7 +56,7 @@ Caido lets you define custom finding types through the **Scanner** plugin's cust ## Indirectly Available -### Crawl paths +### Crawl Paths Burp visualizes how its crawler reached specific endpoints. diff --git a/src/burp-suite/core/tools.md b/src/burp-suite/core/tools.md index 64fa409f..276d4e86 100644 --- a/src/burp-suite/core/tools.md +++ b/src/burp-suite/core/tools.md @@ -8,7 +8,7 @@ Burp Suite Pro tools — Proxy, Repeater, Intruder, utilities, and related featu ## Available -### Command palette +### Command Palette Burp provides a quick-access launcher for tools, settings, and actions via the keyboard. @@ -30,7 +30,7 @@ Caido offers native **Search** with **HTTPQL** to query captured traffic across - [HTTPQL](/app/reference/httpql.md) - [Search Filtering](/app/guides/search_filtering.md) -### Context menu +### Context Menu Burp offers right-click actions on requests, responses, and site map entries. @@ -40,7 +40,7 @@ Caido provides native context menu actions on requests and responses in HTTP His - [Context Menu Options](/app/reference/context_menu.md) -### Filter settings +### Filter Settings Burp applies shared filter configuration across its tables and views. @@ -64,7 +64,7 @@ Caido offers native **Intercept** and **HTTP History** to handle proxied traffic - [HTTP History](/app/quickstart/http_history.md) - [Intercepting Traffic](/app/guides/intercept_traffic.md) -### Proxy intercept +### Proxy Intercept Burp lets you pause, inspect, and modify individual requests and responses in flight. @@ -75,7 +75,7 @@ Caido offers native **Intercept** to pause, inspect, and forward or drop individ - [Intercept](/app/quickstart/intercept.md) - [Intercepting Traffic](/app/guides/intercept_traffic.md) -### HTTP history +### HTTP History Burp maintains a persistent log of all proxied HTTP traffic with filtering and search. @@ -86,7 +86,7 @@ Caido offers native **HTTP History** as the persistent traffic log. It supports - [HTTP History](/app/quickstart/http_history.md) - [Filtering HTTP History](/app/guides/http_history_filtering.md) -### WebSockets history +### WebSockets History Burp captures and inspects WebSocket messages proxied through the proxy. @@ -96,7 +96,7 @@ Caido offers native **WS History** to capture WebSocket frames proxied through t - [WS History](/app/quickstart/ws_history.md) -### Match and replace +### Match and Replace Burp automatically modifies requests or responses matching defined rules as they pass through the proxy. @@ -143,7 +143,7 @@ Caido does not have a separate Inspector panel. Request and response components - [Replay](/app/quickstart/replay.md) - [HTTP History](/app/quickstart/http_history.md) -### Message editor +### Message Editor Burp lets you edit HTTP messages in raw and parsed form across its tools. @@ -224,7 +224,7 @@ Caido offers native **Findings** to track notable requests and issues. Findings - [Findings](/app/quickstart/findings.md) -### Content discovery +### Content Discovery Burp brute-forces hidden directories and files on a web server. @@ -260,7 +260,7 @@ Caido does not have a single dashboard tab. Instead, traffic-centric views like - [Scanner](https://github.com/caido-community/scanner) (GitHub) - [Autorize](https://github.com/caido-community/autorize) (GitHub) -### Customizing Burp's layout +### Customizing Burp's Layout Burp lets you rearrange tabs, split panes, and customize the UI layout. @@ -270,7 +270,7 @@ Caido has a fixed application layout and does not support Burp-style tab rearran - [Creating a Page](https://developer.caido.io/guides/page.html) (developer docs) -### Engagement tools +### Engagement Tools Burp bundles a suite of utilities for target analysis, content discovery, and PoC generation. @@ -284,7 +284,7 @@ Caido does not bundle engagement utilities into a single tool suite. Equivalent - [CSRF PoC Generator](https://github.com/BugBountyzip/CaidoCSRF) (GitHub) - [Crawler](https://github.com/caido-community/crawler) (GitHub) -### Target analyzer +### Target Analyzer Target analyzer summarizes a target's technology stack, content types, and dynamic URLs. @@ -297,7 +297,7 @@ Caido has no dedicated target analyzer. Caido lets you review technology hints i - [JS Analyzer](https://github.com/caido-community/JS-Analyzer) (GitHub) - [RetireJS Scanner](https://github.com/bensh/caido-retirejs) (GitHub) -### Manual testing simulator +### Manual Testing Simulator The manual testing simulator simulates user interactions for manual testing scenarios. diff --git a/src/burp-suite/extensibility/custom-scan-checks.md b/src/burp-suite/extensibility/custom-scan-checks.md index 108dca64..dbffc176 100644 --- a/src/burp-suite/extensibility/custom-scan-checks.md +++ b/src/burp-suite/extensibility/custom-scan-checks.md @@ -12,7 +12,7 @@ Several BApp Store extensions also add scan checks — for example, Active Scan+ ## Available -### Custom scan checks +### Custom Scan Checks Burp lets you define passive and active scan rules in BCheck format or via the custom scan checks API. diff --git a/src/dashboard/guides/education_plan.md b/src/dashboard/guides/education_plan.md index a8dae971..bda76b60 100644 --- a/src/dashboard/guides/education_plan.md +++ b/src/dashboard/guides/education_plan.md @@ -2,11 +2,11 @@ description: "How to get Caido for free by applying for the Education plan." --- -# Applying for Education Plan +# Applying for the Education Plan Students can get access to Caido for free through the Education plan. You need to verify your academic status in the [Caido Dashboard](https://dashboard.caido.io); once approved, your benefit is valid for a limited time. -## Opening the Education settings +## Opening the Education Settings 1. Go to [dashboard.caido.io](https://dashboard.caido.io) and sign in. 2. Open the **Settings** page. @@ -14,7 +14,7 @@ Students can get access to Caido for free through the Education plan. You need t You will see the education plan section where you can apply or check the status of your application. -## Submitting your application +## Submitting Your Application On the Education tab, fill in the form with your **level of study** (e.g. secondary, undergraduate, graduate) and **field of study**. If your field is not in the list, choose the option to specify it manually. Then click **Submit application**. @@ -22,13 +22,13 @@ On the Education tab, fill in the form with your **level of study** (e.g. second If you already have a paid subscription, you must cancel it before you can submit an application. The form will show a message: "You already have a subscription. You need to cancel it to submit an application." ::: -## Verifying your email +## Verifying Your Email After you submit, your application is processed. You will see **Application in progress** and a note that processing usually takes a short moment. You will receive a verification code by email. Enter that code in the **Verification code** field and click **Submit**. If you need to start over, click **Start over** to return to the application form. -## After approval or rejection +## After Approval or Rejection - **Approved**: Your academic status has been verified. You now have access to Caido's Education plan for free. The benefit is valid until the date shown on the page. - **Rejected**: Your last application was not approved. The page will show a reason (e.g. Invalid email, Not academic, or others). You can review your details and submit a new application using the form on the same page.