June 12, 2026
Why Caido is your best friend?
Hi everyone, after a long….. I know, I know…..
Hritom Bhattacharya
But this blog is about why you should use Caido …
No, I am not saying that you should stop using Burp, absolutely not! Both are very good MITM proxies. But in some cases Caido works better and in some cases Burp works better (I am talking about whoever is using the free versions).
Caido can auto-scan your target requests on its own! Ain't this awesome? I got an awesome XSS while pentesting one of my office projects. I kind of got bored using Burp, so I was using Caido and exploring it, to be honest. But the thing is, I was never really hunting XSS; I was looking for IDORs and business logic issues.
But something interesting got flagged in the findings tab!!!
It was nothing too brain-storming, just a simple reflection!
The "embededurl" parameter is reflected exactly as the input! Cool, huh?
Observe! The value embedded-signup.php%3F in the request is reflected as https://<SOME-WEBSITE.com>/embedded-signup.php? in the response (SOME-WEBSITE.com is another website's login page embedded into our target site through an iframe …. obviously I can't disclose the original sites).
So obviously I tried an XSS payload….. The payload was …
evil.com%20onload%3Dalert(document.cookie)>--
which, if you decode it, comes to…
evil.com"onload=alert(document.cookie)>--
Obviously, I had to use an obfuscation-type payload…… And here it comes… we got the sweet reflection, and with no security mechanism implemented it executed as we thought. Look at the bottom…
Observe here: we already got the reflection, and we can see that our payload is executing as JavaScript. But the fun part is that it was a redirect page, so the victim mostly cannot notice if we steal the cookies.
Oh! For the satisfaction, obviously, I opened the response in the browser ….
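For whoever has to fix a finding like this, here is an added example (not code from the target or from Caido) that puts the reflection next to a hardened version and counts the attributes an HTML parser sees on the iframe. It assumes the "embededurl" value is appended after https:// inside a double-quoted src attribute; the function names and the allowlisted host login.example.com are made up for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist: the real embedded host is not disclosed in the post.
ALLOWED_HOSTS = {"login.example.com"}

def render_vulnerable(embededurl: str) -> str:
    """Assumed shape of the flagged page: the value is reflected as-is."""
    return f'<iframe src="https://{embededurl}"></iframe>'

def render_hardened(embededurl: str) -> str:
    """Allowlist the host first, then HTML-encode the value on output."""
    url = "https://" + embededurl
    try:
        host = urlsplit(url).hostname
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        host = None
    if host not in ALLOWED_HOSTS:
        return "<!-- embed rejected -->"
    # quote=True turns " into &quot; so the value cannot close the attribute.
    return f'<iframe src="{html.escape(url, quote=True)}"></iframe>'

class _IframeAttrs(HTMLParser):
    """Collects the attribute names found on every iframe start tag."""
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.names += [name for name, _ in attrs]

def iframe_attr_names(markup: str) -> list:
    """Attribute names on the iframe; anything besides src was injected."""
    parser = _IframeAttrs()
    parser.feed(markup)
    parser.close()
    return parser.names

if __name__ == "__main__":
    # Decoded payload exactly as shown in the post.
    payload = 'evil.com"onload=alert(document.cookie)>--'
    # Constructed input: allowlisted host with a quote placed in the query.
    nested = 'login.example.com/embedded-signup.php?"onload=x'
    for value in (payload, nested):
        print(iframe_attr_names(render_vulnerable(value)),
              iframe_attr_names(render_hardened(value)))
```

The second input shows why the allowlist alone is not enough: the host check passes, and only the output encoding keeps the quote inside the src value.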
So, here is the conclusion, I guess…. We should use both for better and more findings…. Both are so cool. And personally, I fell for Caido. Lemme know your thoughts….