National Cyber Warfare Foundation (NCWF)

Web App Hacking: Finding Web App Vulnerabilities with Caido Scanner


2025-09-30 16:22:20
milo
Red Team (CNA)



The post Web App Hacking: Finding Web App Vulnerabilities with Caido Scanner first appeared on Hackers Arise.



Welcome back, my aspiring cyberwarriors!

Caido continues to grow in popularity in the tech community, and it’s well-deserved. Since the publication of our previous articles, developers have brought improvements to the Replay, Match & Replace tabs, updated the Plugin Store, and even more. There are dozens of different plugins that significantly improve the functionality of Caido. Today, I’d like to explore one of them: a vulnerability scanner.

Step #1: Installation

Kali Linux 2025.3 now includes Caido in its repositories. To install it, first refresh the package lists:

kali> sudo apt update

Then install it via APT:

kali> sudo apt install caido

Getting Started with the Scanner

To get started with the Caido scanner, we need to create a project and move on to the plugin tab. You’ll see a warning message similar to the one below.

After accepting the risk, we can install any plugin in one click. Installed plugins will appear in the sidebar.

As you browse websites through the proxy, the scanner already runs in passive mode and analyzes the traffic. You can see the results in the Findings tab.
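A passive check never sends requests of its own; it only inspects the traffic that is already flowing through the proxy. The following is an added illustration of what such a check looks like, written for this article and not taken from the Caido scanner plugin: three small checks (missing hardening headers, cookie attributes, version-disclosing Server banner) run over a constructed set of response headers. The header names, severities and the sample response are assumptions chosen for the example.

```python
"""Passive analysis of one intercepted HTTP response.

Added example for this article, not code from the Caido scanner plugin.
A passive check never sends its own requests: it only inspects the
headers and bodies already flowing through the proxy. The response below
is constructed for the illustration."""
from dataclasses import dataclass
from typing import List, Tuple

Headers = List[Tuple[str, str]]  # (name, value) pairs; names may repeat

# Constructed sample response headers, as a proxy would hand them over.
SAMPLE_RESPONSE_HEADERS: Headers = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Server", "Apache/2.4.41 (Ubuntu)"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly"),
]


@dataclass
class Finding:
    title: str
    severity: str  # "info", "low" or "medium" in this illustration
    evidence: str


def _get(headers: Headers, name: str) -> List[str]:
    """All values of a header, matched case-insensitively."""
    return [v for k, v in headers if k.lower() == name.lower()]


def check_security_headers(headers: Headers) -> List[Finding]:
    """Flag hardening headers that are absent on an HTML document."""
    ctype = _get(headers, "Content-Type")
    if not ctype or not ctype[0].lower().startswith("text/html"):
        return []  # these headers matter for pages rendered by a browser
    expected = {
        "Content-Security-Policy": "medium",
        "Strict-Transport-Security": "low",
        "X-Content-Type-Options": "low",
        "X-Frame-Options": "low",
    }
    return [
        Finding(f"Missing {name} header", sev, "header absent")
        for name, sev in expected.items()
        if not _get(headers, name)
    ]


def check_cookie_flags(headers: Headers) -> List[Finding]:
    """Flag cookies set without the HttpOnly or Secure attribute."""
    findings = []
    for raw in _get(headers, "Set-Cookie"):
        parts = [p.strip() for p in raw.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.lower() for p in parts[1:]}
        for flag in ("HttpOnly", "Secure"):
            if flag.lower() not in attrs:
                findings.append(
                    Finding(f"Cookie {cookie_name} set without {flag}", "low", raw)
                )
    return findings


def check_server_banner(headers: Headers) -> List[Finding]:
    """Flag a Server header that discloses a version number."""
    return [
        Finding("Server version disclosed", "info", value)
        for value in _get(headers, "Server")
        if any(ch.isdigit() for ch in value)
    ]


def passive_scan(headers: Headers) -> List[Finding]:
    """Run every passive check over one response and collect the findings."""
    return (
        check_security_headers(headers)
        + check_cookie_flags(headers)
        + check_server_banner(headers)
    )


if __name__ == "__main__":
    for f in passive_scan(SAMPLE_RESPONSE_HEADERS):
        print(f"[{f.severity}] {f.title}: {f.evidence}")
```

On the sample response this reports four missing headers, the two missing attributes on the session cookie and the version in the Server banner; the `theme` cookie, which carries both attributes, produces nothing. Passive findings of this kind are cheap and risk-free, which is why they appear while you are simply browsing, but they are also only hints: whether a missing header matters depends on the page.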

You may also discover a potentially vulnerable endpoint and launch an active scan on it right away.

This opens the Scan Launcher first: a configuration window with two tabs, like the one below, where you can set the aggressiveness, scope, severities, and so on.

Once the scan starts, you can see which checks are running at the moment and the findings confirmed so far.

Clicking Findings reveals additional details, such as the payload sent and the server’s response.

Next, we can verify that the finding is not a false positive.

In this example, the target is an old website that is vulnerable to reflected XSS.
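The false-positive check above comes down to one question: did the value the scanner sent come back unchanged, or did the application encode it on the way out? The following added example, written for this article and not taken from the plugin or from the site tested in it, makes that distinction concrete. Two tiny renderers stand in for the search page of a hypothetical old website, a third shows an incomplete fix, and `classify_reflection()` performs the triage step on the response body. The probe string, the page markup and all function names are constructed for the illustration; `html.escape` is the Python standard library's HTML-context encoder.

```python
"""Confirming a reflected-XSS finding, and what the fix looks like.

Added example for this article, not code from the scanner plugin or the
site tested in it. Two tiny renderers stand in for the search page of a
hypothetical old website; classify_reflection() is the triage step a tester
performs before trusting the scanner's verdict. All names and inputs are
constructed."""
import html

# Constructed probe: carries the characters that matter in HTML context
# (< > " ') around a unique marker, without being a working payload.
PROBE = "<ncwf-probe-7f3a>\"'"


def render_search_vulnerable(query: str) -> str:
    """Before: user input concatenated straight into the page."""
    return f"<html><body><h1>Results for: {query}</h1></body></html>"


def render_search_partial(query: str) -> str:
    """Half-fixed: angle brackets stripped, but quotes kept inside an attribute."""
    cleaned = query.replace("<", "").replace(">", "")
    return f'<html><body><input name="q" value="{cleaned}"></body></html>'


def render_search_hardened(query: str) -> str:
    """After: HTML-context output encoding via the standard library."""
    return (
        "<html><body><h1>Results for: "
        f"{html.escape(query, quote=True)}</h1></body></html>"
    )


def classify_reflection(body: str, probe: str) -> str:
    """Classify how a probe value came back in a response body.

    'unencoded'          probe reflected verbatim: the finding is confirmed
    'encoded'            reflected with every special character escaped:
                         the usual false positive from a simple reflection check
    'partially-encoded'  marker present but some special characters altered:
                         needs a manual look at the surrounding HTML context
    'absent'             not reflected at all
    """
    if probe in body:
        return "unencoded"
    if html.escape(probe, quote=True) in body:
        return "encoded"
    marker = probe.strip("<>\"'")  # the alphanumeric core of the probe
    if marker in body:
        return "partially-encoded"
    return "absent"


def triage(render, probe: str = PROBE) -> str:
    """Render a page with the probe as the query and classify the reflection."""
    return classify_reflection(render(probe), probe)


if __name__ == "__main__":
    for name, fn in [
        ("vulnerable", render_search_vulnerable),
        ("partial", render_search_partial),
        ("hardened", render_search_hardened),
    ]:
        print(f"{name:>10}: {triage(fn)}")
```

The vulnerable page returns the probe verbatim, which is what turns a scanner hit into a confirmed finding. The hardened page reflects it too, but fully encoded, which is the classic false positive of a naive "is my input in the response" check. The partial case is the one worth remembering when reading scanner output: the marker is there, the angle brackets are gone, yet the surviving quote inside an attribute still needs a manual look at the HTML context, and the remedy is the same context-aware output encoding the hardened renderer uses.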

Summary

Plugins boost the efficiency of web-app testing in Caido. Today, dozens of plugins cover a wide range of use cases. In this article, we took a closer look at the scanner plugin. Its combination of passive and active techniques helps you uncover vulnerabilities more quickly. Feel free to browse the Community Store for additional plugins—or create your own.

If you find web application testing interesting, consider checking out our Advanced Web Hacking course to take your expertise to the next level.


Source: HackersArise
Source Link: https://hackers-arise.com/web-app-hacking-finding-vulnerabilities-with-caido-scanner/





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.