Capabilities
| Feature | Description |
|---|---|
| Request Capture | Log all HTTP/HTTPS traffic automatically |
| Request Replay | Repeat any request with modifications |
| HTTPQL | Query captured traffic with powerful filters |
| Scope Management | Focus on specific domains or paths |
| Sitemap | Visualize the discovered attack surface |
HTTPQL Filtering
Query captured requests using Caido’s HTTPQL syntax.
Request Replay
The agent can take any captured request and replay it with modifications:
- Change path parameters (test for IDOR)
- Modify request body (test for injection)
- Add/remove headers (test for auth bypass)
- Alter cookies (test for session issues)
Python Integration
Proxy helpers are available to sandboxed Python scripts through the image-baked caido_api module. This enables powerful scripted security testing:
Available Functions
| Function | Description |
|---|---|
| list_requests() | Query captured traffic with HTTPQL filters |
| view_request() | Get full request/response details |
| repeat_request() | Replay a request with modifications |
| list_sitemap() | Browse the request-tree view of discovered surface |
| view_sitemap_entry() | Inspect one sitemap entry + its related requests |
| scope_rules() | Manage proxy scope (allowlist/denylist) |
Traffic sent with curl is captured as well: the sandbox’s HTTP_PROXY env routes it through Caido automatically, so it lands in list_requests and can be replayed via repeat_request.
Example: Automated IDOR Testing
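An added example, not Strix’s or Caido’s own code, of the IDOR check described above written as a sandbox script. This page does not document the caido_api signatures, so the script works against any client object exposing list_requests(query), view_request(id) and repeat_request(id, path=...) returning dicts; those shapes, the HTTPQL query string and the FakeClient used to run it offline are assumptions.

```python
import re
from dataclasses import dataclass, field

# Matches a path whose segment after a prefix is a numeric id, e.g. /api/orders/41
ID_PATH = re.compile(r"^(/\S*?/)(\d+)(/?\S*)$")


def swap_id(path, new_id):
    """Return path with its numeric id segment replaced, or None if it has none."""
    m = ID_PATH.match(path)
    return f"{m.group(1)}{new_id}{m.group(3)}" if m else None


def check_idor(client, query, offset=1):
    """Replay each captured request with a neighbouring id and collect candidates.

    A 200 whose body differs from the original is only a candidate for manual
    review (the endpoint may be legitimately public), not a confirmed finding.
    Assumed client shape: list_requests -> [{"id": ...}], view_request -> dict
    with "path" and "response_body", repeat_request -> dict with "status", "body".
    """
    findings = []
    for req in client.list_requests(query):
        orig = client.view_request(req["id"])
        m = ID_PATH.match(orig["path"])
        if not m:
            continue
        new_path = swap_id(orig["path"], int(m.group(2)) + offset)
        rep = client.repeat_request(req["id"], path=new_path)
        if rep["status"] == 200 and rep["body"] != orig["response_body"]:
            findings.append((orig["path"], new_path))
    return findings


@dataclass
class FakeClient:
    """Constructed stand-in for the sandbox caido_api module (offline demo only)."""
    store: dict = field(default_factory=dict)

    def list_requests(self, query):
        return [{"id": i} for i in self.store]

    def view_request(self, rid):
        return self.store[rid]

    def repeat_request(self, rid, path):
        # Constructed behaviour: /api/orders/<n> serves any order, /api/me/<n> checks ownership.
        if path.startswith("/api/orders/"):
            return {"status": 200, "body": f"order {path.rsplit('/', 1)[1]}"}
        return {"status": 403, "body": "forbidden"}


# Constructed captured traffic standing in for what list_requests would return.
SAMPLE = FakeClient({
    1: {"path": "/api/orders/41", "response_body": "order 41"},
    2: {"path": "/api/me/7", "response_body": "me 7"},
})
```

With the real module the FakeClient is dropped and caido_api is passed as the client; the HTTPQL string (assumed form: req.path.cont:"/api/") narrows which captured requests are replayed.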
Human-in-the-Loop
Strix exposes the Caido proxy to your host machine, so you can interact with it alongside the automated scan. When the sandbox starts, the Caido URL is displayed in the TUI sidebar — click it to copy, then open it in Caido Desktop.
Accessing Caido
- Start a scan as usual
- Look for the Caido URL in the sidebar stats panel (e.g. localhost:52341)
- Open the URL in Caido Desktop
- Click Continue as guest to access the instance
What You Can Do
- Inspect traffic — Browse all HTTP/HTTPS requests the agent is making in real time
- Replay requests — Take any captured request and resend it with your own modifications
- Intercept and modify — Pause requests mid-flight, edit them, then forward
- Explore the sitemap — See the full attack surface the agent has discovered
- Manual testing — Use Caido’s tools to test findings the agent reports, or explore areas it hasn’t reached