Caido
A modern web application security proxy built in Rust, designed for penetration testers and bug bounty hunters as a fast alternative to legacy Java-based tools.
Developer
Caido Labs Inc.
Technical Dossier
Caido is a web application security testing proxy built from the ground up in Rust, giving it notably lower memory usage and higher throughput than JVM-based alternatives. It acts as a man-in-the-middle between a tester’s browser and the target application, intercepting and logging all HTTP/S and WebSocket traffic in a searchable, filterable history. The core proxy, business logic, and protocol handling are all written in Rust, while the user interface is a Vue.js web application — meaning the same UI can be accessed from a desktop shell or from any browser pointed at a remotely hosted Caido instance, including phones and low-resource machines.
What sets Caido apart technically is its emphasis on developer-grade ergonomics and programmability. Its custom query language, HTTPQL, lets testers filter request history using SQL-like syntax, translating HTTP-domain queries into SQLite queries — a capability absent from most comparable tools. Automated testing supports multi-position payload injection with full control over threading and request rate. The tool ships with a JavaScript/TypeScript plugin SDK in which plugins run in isolated contexts and can hook into the proxy pipeline, add UI panels, or invoke external services.
Caido operates under a freemium model: a permanent free tier covers the core proxy and a limited number of projects, while paid tiers unlock unlimited projects, collaborative shared instances, and priority support. Since its public debut in 2021, Caido has gained rapid adoption in the bug bounty and penetration testing community as a credible, actively developed alternative to Burp Suite — particularly valued by users who want a performant, keyboard-friendly tool that runs well on low-resource machines or headless servers.
Intercept & Replay
Full HTTP/S and WebSocket traffic interception with complete history log. Requests can be replayed, edited, and iterated on for manual security analysis.
Automate
Automated attack sequences using custom payloads and placeholders, supporting batch testing for fuzzing and brute-force workflows with full threading control.
HTTPQL Query Language
A custom SQL-inspired query language for filtering and searching full HTTP request/response history — a unique ergonomic differentiator for rapid analysis.
Plugin Ecosystem
JavaScript/TypeScript-based plugin SDK, with community plugins ranging from AI-assisted testing to custom workflow automation.
Distribution Model
Commercial
Licensed software with professional support and enterprise features.

Engine
RUST
UI
BROWSER-BASED
Plugins
JS/TS SDK
License
FREEMIUM