National Cyber Warfare Foundation (NCWF)

Web App Hacking: Automated Security Workflows in Caido

2025-09-01 14:41:29
milo
Red Team (CNA)

The post Web App Hacking: Automated Security Workflows in Caido first appeared on Hackers Arise.

Welcome back, hacker novitiates!

In previous articles, we explored some of Caido’s basic features, which are generally similar to those found in Burp Suite and ZAP. In today’s article, I’d like to demonstrate how Caido enables you to automate the testing process through its intuitive visual interface.

Step #1: Fire up Kali and Caido

For this walkthrough, our web application target will be an online store. As usual, the first steps are to start Kali Linux and Caido, then enable the proxy and begin exploring the target.

In this case, we can see a relatively unusual folder prefix, “wa-”, which indicates that our store is built on Webasyst, a PHP framework and CMS/e-commerce platform. You can think of it as something between WordPress (a CMS) and Laravel (a PHP framework).

Checking the robots.txt file confirmed this assumption.

Step #2: Getting Started with Caido Workflows

First, we need to create a new Workflow. To do this, navigate to the Testing section.

After clicking, you’ll see a screen similar to the one shown below.

Here you can see two blocks: On Intercept Request and Passive End. In Caido, these are called nodes, and our workflow structure will be created between them. The first node receives the request, and then our defined scenario is executed.

For example, let’s create a workflow that looks in the HTTP history for /wa-config/ directories, which often contain configuration files such as database connection details. To make this more visible, we’ll also add a rule to highlight the request by changing its color.

Step #3: Add an HTTPQL Matcher

Click on Add Node and select Matches HTTPQL.

Once the node appears on the screen, we can connect our first node to this matcher. Next, by clicking on it, we’ll write a simple HTTPQL rule to look for the specified directory. This can be done with the following query:
req.path.cont:"wa-config"

Step #4: Change the Color

After that, we’re ready to add a connection from this matcher to a node that changes the color of the request when the match is true.

We should also remember to feed the request itself into this color node and then connect it to the ending node (Passive End).

Next, if we reload our target website, requests to the specified path in the HTTP history will be highlighted in the color configured in the workflow.
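
As an added illustration of what the matcher-plus-color workflow above does, here is the same logic reimplemented in JavaScript (this is not Caido’s own code or its workflow SDK): a small evaluator for a subset of HTTPQL (req.path/host/method, resp.code, req.port; eq/ne/cont/ncont/regex; and/or without parentheses, with and taken to bind tighter than or), applied to a constructed HTTP history so that the /wa-config/ request gets a color tag. The field accessors, the sample records and the color “red” are assumptions.

```javascript
// Added illustration (not Caido's code or workflow SDK): a small evaluator for a
// subset of HTTPQL, run over a constructed HTTP history the way the page's
// "Matches HTTPQL" node feeds the colour node.
const STRING_FIELDS = { "req.path": (r) => r.path, "req.host": (r) => r.host,
                        "req.method": (r) => r.method };
const INT_FIELDS = { "resp.code": (r) => r.status, "req.port": (r) => r.port };

// One clause, e.g. req.path.cont:"wa-config" or resp.code.eq:403.
function parseClause(text) {
  const m = /^(\w+\.\w+)\.(\w+):(?:"((?:[^"\\]|\\.)*)"|(\d+))$/.exec(text);
  if (!m) throw new Error(`bad HTTPQL clause: ${text}`);
  const [, field, op, str, num] = m;
  return { field, op, value: num !== undefined ? Number(num) : str.replace(/\\(.)/g, "$1") };
}

function evalClause({ field, op, value }, req) {
  const get = STRING_FIELDS[field] ?? INT_FIELDS[field];
  if (!get) throw new Error(`unknown field: ${field}`);
  const actual = get(req);
  switch (op) {
    case "eq": return actual === value;
    case "ne": return actual !== value;
    case "cont": return String(actual).includes(value);
    case "ncont": return !String(actual).includes(value);
    case "regex": return new RegExp(value).test(String(actual));
    default: throw new Error(`unsupported operator: ${op}`);
  }
}

// Tokenise clauses and the keywords and/or (quoted values may contain spaces), then
// evaluate as OR-ed groups of AND-ed clauses; parentheses are not handled here.
function matchesHttpql(query, req) {
  const tokens = [...query.matchAll(/\w+\.\w+\.\w+:(?:"(?:[^"\\]|\\.)*"|\d+)|\b(?:and|or)\b/gi)];
  const groups = [[]];
  for (const [tok] of tokens) {
    if (/^or$/i.test(tok)) groups.push([]);
    else if (!/^and$/i.test(tok)) groups[groups.length - 1].push(parseClause(tok));
  }
  return groups.some((g) => g.length > 0 && g.every((c) => evalClause(c, req)));
}

// Mirror of the page's workflow: a request whose path contains "wa-config" gets a colour.
function colorize(history, query = 'req.path.cont:"wa-config"', color = "red") {
  return history.map((r) => ({ ...r, color: matchesHttpql(query, r) ? color : null }));
}

// Constructed sample history (not captured from any real site).
const SAMPLE_HISTORY = [
  { method: "GET", host: "shop.example", port: 443, path: "/index.php", status: 200 },
  { method: "GET", host: "shop.example", port: 443, path: "/wa-config/db.php", status: 403 },
  { method: "GET", host: "shop.example", port: 443, path: "/wa-data/public/site.css", status: 200 },
];
```

Running colorize(SAMPLE_HISTORY) tags only the second record, which is exactly the request the workflow highlights in Caido’s HTTP history.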









Summary

In this article, I’ve only shown the tip of the iceberg. You can create workflows for very specific scenarios to significantly improve the efficiency of your web application testing. For example, you can develop custom workflows tailored to the vulnerabilities you are targeting, and as you explore a website, Caido will automatically flag the findings you configured it to look for.

It’s also worth mentioning that Caido supports plugins that can help you discover hidden parameters, bypass WAFs, and more. This makes it a powerful tool that could easily become your go-to solution for web application security testing.

If you find web application testing interesting, consider checking out our Advanced Web Hacking course to take your expertise to the next level.

Source: HackersArise
Source Link: https://hackers-arise.com/web-app-hacking-automated-security-workflows-in-caido/

Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.