Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .vitepress/sidebars/app/concepts.ts
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,10 @@ export const conceptsSidebar: DefaultTheme.SidebarItem[] = [
text: "Authentication",
link: "/app/concepts/instance_authentication",
},
{
text: "Collaboration",
link: "/app/concepts/collaboration",
},
],
},
{
Expand Down
2 changes: 1 addition & 1 deletion src/app/concepts/cloud.md
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ The data collected as you use Caido (_IP address and API call actions/timestamps

We also have opt-out analytics for UI interactions performed within the application. We NEVER collect project data, HTTP requests, payloads, etc.

## Endpoints used
## Endpoints Used

If you need to whitelist endpoints, here are all the endpoints we use:

Expand Down
25 changes: 25 additions & 0 deletions src/app/concepts/collaboration.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
description: "Understand the pros and cons of both collaboration via shared instances and collaboration via the Drop plugin."
---

# Collaboration

Besides sharing the same device, there are two ways to collaborate with other users using Caido: [shared instances](/app/concepts/instance.md) and the [Drop](/app/tutorials/drop.md) plugin.

## Shared Instances

Shared instances can be accessed by multiple users, either sequentially or simultaneously. This allows for a shared workspace where all users view the same data.

Comment thread
ninjeeter marked this conversation as resolved.
Outdated
However, since all users are working on the same data, if one user makes certain changes to the instance, it will be reflected for all other users.

While many Caido features retain a history of changes, other actions, such as deleting a project entirely, are irreversible.

So, while shared instances can be advantageous as they provide each user with the full context of an assessment, this can also be a disadvantage as lack of coordination and communication between users can lead to data loss.
Comment thread
ninjeeter marked this conversation as resolved.
Outdated

## Drop

The Drop plugin allows for more granular collaboration as each user operates within their own instance and shares specific data with others over a secure end-to-end encrypted channel.

This ensures that each user can work on their own data without affecting others.

However, since all data is shared manually, it can become a disadvantage as doing so can be time-consuming.
4 changes: 2 additions & 2 deletions src/app/concepts/instance.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,15 @@ description: "Understand the core concepts behind Caido instances - the client/s

# Instance

An Instance of Caido is effectively a directory on disk that contains the settings, projects, secrets, plugins, etc. that are created by Caido at runtime.
An **instance** of Caido is effectively a directory on disk that contains the settings, projects, secrets, plugins, etc. that are created by Caido at runtime.

This abstraction allows you to manage multiple, separate instances of Caido on a single device.

## Local vs Remote

### Local Instances

A local instance runs on the same computer as you. Effectively, we will manage the [caido cli](./cli_vs_desktop.md) for you in the background.
A local instance runs on the same computer as you. Effectively, we will manage the [Caido CLI](./cli_vs_desktop.md) for you in the background.

Additional local instances can be created using either the standalone Caido CLI or desktop application by [changing the data storage location](/app/guides/data_location.md).

Expand Down
4 changes: 2 additions & 2 deletions src/app/concepts/instance_authentication.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ Although the API is authenticated, the proxy traffic is currently unprotected. W

Authentication in Caido is based on [OAuth 2.0](https://www.rfc-editor.org/rfc/rfc6749) protocol.

## User authentication
## User Authentication

Like we mentioned in [instance registration](./instance_registration.md), each Caido instance registers itself with our Cloud as an `OAuth 2.0 client`.

Expand All @@ -26,7 +26,7 @@ We do not make any guarantees on the lifetime of the tokens.
Currently the access token is valid for 7 days and the refresh token is valid for 3 months.
:::

## Instance authentication
## Instance Authentication

Under the cover, the instance will also perform a <a href="https://www.rfc-editor.org/rfc/rfc6749#section-1.3.4" target="_blank">Client Credentials</a> flow to have a token to identify itself with the cloud.
This allows the instance to retrieve metadata like the [Workspace](/dashboard/concepts/workspace) in which it lives.
4 changes: 2 additions & 2 deletions src/app/concepts/instance_registration.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ At this stage the instance is considered "unclaimed", meaning that **anybody** w

You can **only** log into an instance if it has been claimed.

## Human claim
## Human Claim

On initial the login, if it the instance is "unclaimed", you can claim it.
This is the same idea if you [reset the credentials](/app/troubleshooting/authentication.html#reset-the-instance-credentials) of your instance.
Expand Down Expand Up @@ -42,7 +42,7 @@ For Teams, you can also automatically claim new instances using [Registration Ke

This ensures that all the instances are safe even if no human is involved in the deployment.

Currently you need to use the [caido cli](./cli_vs_desktop.md) to pass the Registration Key to the instance.
Currently you need to use the [Caido CLI](./cli_vs_desktop.md) to pass the Registration Key to the instance.
You can use either the `--registration-key` flag or the environment variable `CAIDO_REGISTRATION_KEY`.

The flow usually looks like:
Expand Down
6 changes: 3 additions & 3 deletions src/app/concepts/pat.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ All Caido PATs use the `caido_` prefix, making them easy to identify and manage
Each PAT is tied to the user who created it and acts with the same level of permissions as that user.
:::

## How it works
## How It Works

When you log into a Caido instance through the browser or desktop application, a <a href="https://www.rfc-editor.org/rfc/rfc8628.html" target="_blank">Device Authorization</a> flow takes place. You are redirected to the [Dashboard](https://dashboard.caido.io) to manually approve a consent form. A PAT replaces that manual approval step, making the entire authentication process automated.

Expand All @@ -26,15 +26,15 @@ When you log into a Caido instance through the browser or desktop application, a

From this point forward, the session behaves identically to a browser-based login. The access token authenticates subsequent API calls and the refresh token is used to renew it when it expires.

## Resource ownership
## Resource Ownership

A PAT can be created to access resources under your own account or under a specific Team. When you [create a PAT](/dashboard/guides/create_pat) for a Team, it operates within that Team's [Workspace](/dashboard/concepts/workspace) and can access the Team's instances, members, and subscription resources. A PAT created for yourself can only access your personal resources.

::: info
Team admins can view PATs created for their Team, but only the creator of a PAT can revoke it.
:::

## Security considerations
## Security Considerations

- **Always set an expiration date** when [creating a PAT](/dashboard/guides/create_pat). Open-ended tokens increase your risk exposure if they are leaked.
- **Treat PATs like passwords.** Store them in environment variables or a secret management system. Never commit them to source code.
Expand Down
2 changes: 1 addition & 1 deletion src/app/quickstart/plugins.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ description: "A step-by-step guide to Caido's Plugins interface for installing a

# Plugins

The `Plugins` interface allows you to install and manage plugin packages in Caido. These packages extend Caido's functionality, offering high degree of customization.
The `Plugins` interface allows you to install and manage plugin packages in Caido. These packages extend Caido's functionality, offering a high degree of customization.

::: tip <code><Icon icon="fas fa-video" /></code> Video Demonstration
---
Expand Down
6 changes: 3 additions & 3 deletions src/burp-suite/core/ai.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ Burp Suite Pro AI features and their Caido equivalents.

## Available

### Generating AI-powered explanations
### Generating AI-Powered Explanations

Burp can generate natural-language explanations of HTTP requests and responses from Repeater.

Expand Down Expand Up @@ -46,7 +46,7 @@ Caido does not ship a single bundled AI product like Burp AI. Use **Shift** (inc
- [Shift Tutorial](/app/tutorials/shift.md)
- [Chatio](https://github.com/caido-community/Chatio) (GitHub)

### Automating tasks with custom actions
### Automating Tasks with Custom Actions

Burp AI custom actions automate repetitive Repeater tasks with prompts and predefined workflows.

Expand All @@ -61,7 +61,7 @@ Caido offers **Shift Agents** to assign autonomous background tasks to a model,

## Not Available

### AI credits
### AI Credits

Burp tracks AI usage through a credits system tied to your PortSwigger subscription.

Expand Down
10 changes: 5 additions & 5 deletions src/burp-suite/core/browser-and-setup.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ Burp Suite Pro browser integration, transport, and setup features and their Caid

## Available

### Testing mobile applications
### Testing Mobile Applications

Burp proxies traffic from iOS and Android devices through the intercepting proxy.

Expand All @@ -21,7 +21,7 @@ Caido supports proxying mobile device traffic the same way as Burp: install Caid
- [Importing CA Certificates](/app/guides/ca_certificate_importing.md)
- [Android Introduction Tutorial](/app/tutorials/android_introduction.md)

### External browser configuration
### External Browser Configuration

Burp lets you use a system browser other than its embedded browser with the proxy.

Expand All @@ -33,7 +33,7 @@ Caido supports using a **preconfigured browser** or manually set any browser's p
- [FoxyProxy Guide](/app/guides/foxyproxy.md)
- [ZeroOmega Guide](/app/guides/zeroomega.md)

### Invisible proxying
### Invisible Proxying

Burp forwards non-proxy-aware clients through the proxy without explicit proxy configuration.

Expand All @@ -44,7 +44,7 @@ Caido offers an **Invisible Proxy** setup to intercept traffic from clients that
- [Invisible Proxy Tutorial](/app/tutorials/invisible_proxy.md)
- [Invisible Proxying Guide](/app/guides/invisible_proxying.md)

### Managing CA certificates
### Managing CA Certificates

Burp lets you install and manage its CA certificate for intercepting HTTPS traffic.

Expand All @@ -58,7 +58,7 @@ Caido lets you export and install its CA certificate from **Settings → Network

## Indirectly Available

### Burp's browser
### Burp's Browser

Burp ships a Chromium-based browser preconfigured to proxy through Burp with DOM Invader integration.

Expand Down
6 changes: 3 additions & 3 deletions src/burp-suite/core/overview.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,14 @@ description: "Map Burp Suite Pro built-in features to Caido."

This section maps **Burp Suite Pro** built-in tools and product features to Caido.

## How to use this section
## How to Use This Section

1. **Search by Burp name** — Use the site search or your browser's find-in-page for the Burp feature you used (for example, `Intruder`, `HTTP history`, or `Collaborator`).
1. **Search by Burp feature name** — Use the site search or your browser's find-in-page for the Burp feature you used (for example, `Intruder`, `HTTP history`, or `Collaborator`).
2. **Open the matching page** — Pick the page that best fits what you used in Burp. New to Caido? Start with [Browser & Setup](/burp-suite/core/browser-and-setup), then [Tools](/burp-suite/core/tools).
3. **Read the mapping** — Entries are grouped under **Available**, **Indirectly Available**, and **Not Available**. Each entry explains the Caido equivalent, how it differs from Burp, and links under **Resources**.

::: tip New to Caido?
After finding your equivalents, continue with the [Application quickstart](/app/quickstart/).
After finding your equivalents, continue with the [application quickstart](/app/quickstart/).
:::

## Pages
Expand Down
6 changes: 3 additions & 3 deletions src/burp-suite/core/project-and-configuration.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ Burp Suite Pro project files, session handling, and configuration features and t

## Available

### Project files
### Project Files

Burp saves and restores project state including traffic, site map, and configuration.

Expand All @@ -23,7 +23,7 @@ Caido offers native **Workspaces** to manage projects and persist traffic, scope

## Indirectly Available

### Session handling rules
### Session Handling Rules

Burp automatically modifies requests based on session state using macros and rules.

Expand All @@ -49,7 +49,7 @@ Caido offers **Workflows** as the equivalent for defining sequences of actions
- [Creating Workflows](/app/guides/workflows_creating.md)
- [Refresh Authentication Tutorial](/app/tutorials/refresh_authentication.md)

### Configuration library
### Configuration Library

Burp exports specific settings as shareable configuration files and saves configuration profiles for reuse across projects.

Expand Down
2 changes: 1 addition & 1 deletion src/burp-suite/core/reporting.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ Burp Suite Pro reporting and export features and their Caido equivalents.

## Indirectly Available

### Generating a report
### Generating a Report

Burp exports scan results and findings as formatted HTML or XML reports.

Expand Down
14 changes: 7 additions & 7 deletions src/burp-suite/core/scans.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ Caido offers the community **Scanner** plugin for automated vulnerability scanni
- [Scanner](https://github.com/caido-community/scanner) (GitHub)
- [Scanner Tutorial](/app/tutorials/scanner.md)

### Configuring scans
### Configuring Scans

Burp lets you adjust scan speed, insertion points, and audit checks for Scanner.

Expand All @@ -30,7 +30,7 @@ Caido lets you configure scan behavior through the **Scanner** plugin's custom c
- [Scanner: Custom Checks](https://github.com/caido-community/scanner#check-definition) (GitHub)
- [Workflows](/app/quickstart/workflows.md)

### Running scans
### Running Scans

Burp launches full crawl-and-audit or targeted scans against web applications.

Expand All @@ -42,7 +42,7 @@ Caido supports running active scans with the **Scanner** plugin and targeted fuz
- [Automate](/app/quickstart/automate.md)
- [Scanner Tutorial](/app/tutorials/scanner.md)

### Scanning specific HTTP messages
### Scanning Specific HTTP Messages

Burp runs an audit against selected requests rather than an entire site.

Expand All @@ -54,7 +54,7 @@ Caido lets you send selected requests from **HTTP History** to the **Scanner** p
- [Scanner](https://github.com/caido-community/scanner) (GitHub)
- [Automate](/app/quickstart/automate.md)

### Viewing scan results
### Viewing Scan Results

Burp lets you review discovered issues, audit items, and event logs from scans.

Expand All @@ -67,7 +67,7 @@ Caido lets you review results in native **Findings** and the **Scanner** plugin'

## Indirectly Available

### Live tasks
### Live Tasks

Burp runs continuous background crawling and auditing of in-scope traffic as you browse.

Expand All @@ -79,7 +79,7 @@ Caido offers native **Passive Workflows** for real-time traffic analysis as you
- [Workflows](/app/quickstart/workflows.md)
- [Scanner](https://github.com/caido-community/scanner) (GitHub)

### Application logins
### Application Logins

Burp lets you provide credentials or recorded login sequences so Scanner can test authenticated areas.

Expand All @@ -95,7 +95,7 @@ Caido lets you store credentials in native **Environment Variables**, record log

## Not Available

### Resource pools
### Resource Pools

Burp limits concurrent scan threads to control resource usage during scans.

Expand Down
6 changes: 3 additions & 3 deletions src/burp-suite/core/target-and-scope.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ Caido splits target management across native **Sitemap**, **Scopes**, and **Find
- [Scopes](/app/quickstart/scopes.md)
- [Findings](/app/quickstart/findings.md)

### Site map
### Sitemap

Burp displays a tree view of discovered hosts, directories, and endpoints.

Expand All @@ -44,7 +44,7 @@ Caido offers native **Scopes** to define in-scope hosts. Scoped traffic can be h
- [Defining Scopes](/app/guides/scopes_defining.md)
- [Applying Scopes](/app/guides/scopes_applying.md)

### Issue definitions
### Issue Definitions

Burp lets you customize how Scanner reports and categorizes issue types.

Expand All @@ -56,7 +56,7 @@ Caido lets you define custom finding types through the **Scanner** plugin's cust

## Indirectly Available

### Crawl paths
### Crawl Paths

Burp visualizes how its crawler reached specific endpoints.

Expand Down
Loading
Loading