v0.43.1

Changelog

Small release to fix some bugs.

🐞 Bug Fixes

• Fixed update ofMatch & Replace Rules
• Fixed background color of tab rename
• Fixed missing subscriptions for automate

Issues

This release also includes other bug fixes and improvements.
View the full list of changes here.

CLI

• Linux x86_64
• Linux AArch64
• macOS x86_64
• macOS AArch64
• Windows x86_64

Desktop

• Linux x86_64 (deb)
• Linux x86_64 (tar.gz)
• Linux x86_64 (AppImage)
• Linux AArch64 (deb)
• Linux AArch64 (tar.gz)
• Linux AArch64 (AppImage)
• macOS x86_64
• macOS AArch64
• Windows x86_64

v0.43.0

Changelog

This release adds new APIs for plugin developers.

🎨 Frontend SDK

• FilesSDK: List / Create / Update / Delete files
• FilterSDK: List / Create / Update / Delete filter presets
• HTTPHistorySDK: Get / Set HTTPQL queries
• SearchSDK: Get / Set HTTPQL queries
• MatchReplaceSDK:
  • List / Create / Update / Delete match & replace rules
  • List / Create / Update / Delete collections
• ReplaySDK:
  • List / Create / Delete tabs
  • List collections
  • List / Rename sessions

⚒️ Backend SDK

• sdk.events.onProjectChange: Run a function when the selected project has changed
• sdk.requests.matches: Check if a given request/response matches an HTTPQL query
• import { fetch } from "caido:http": You can now perform HTTP requests in a backend plugin using the fetch function

Issues

This release also includes other bug fixes and improvements.
View the full list of changes here.

CLI

• Linux x86_64
• Linux AArch64
• macOS x86_64
• macOS AArch64
• Windows x86_64

Desktop

• Linux x86_64 (deb)
• Linux x86_64 (tar.gz)
• Linux x86_64 (AppImage)
• Linux AArch64 (deb)
• Linux AArch64 (tar.gz)
• Linux AArch64 (AppImage)
• macOS x86_64
• macOS AArch64
• Windows x86_64

v0.42.0

Changelog

This release brings SOCKS proxy support as well as enhancements to the workflow editor.

🧦 SOCKS Proxy Support

You can now redirect traffic to SOCKS proxies, giving you more control over how your requests are handled. Multiple proxies can be configured at once, allowing you to assign specific traffic to different proxies based on the destination target.

🤖 Workflow Improvements

• The node editor sidebar now clearly indicates which inputs are required or optional and prevents the use of invalid references.
• "Matches HTTPQL" node now has true/false exec branches. No need to use the "if/else" node to process the result anymore.

⚒️ Backend/Workflow SDK

We've expanded our backend/workflow SDKs with new APIs.

• "crypto" module: Implemented a subset of the NodeJS "crypto" module. Check https://github.com/caido/sdk-js/blob/main/packages/quickjs-types/src/llrt/crypto.d.ts for more info on what's implemented.
• RequestSpec.parse("GET / ..."): Create a RequestSpec based on an HTTP request string
• sdk.replay.createSession: Create a replay session
• sdk.replaySession.getCollections: Get the list of replay collections

🎨 Frontend SDK

New API has been added to the frontend SDK to customize editors more extensively.

• Editor.getEditorView: Retrieve the internal CodeMirror EditorView

Issues

This release also includes other bug fixes and improvements.
View the full list of changes here.

CLI

• Linux x86_64
• Linux AArch64
• macOS x86_64
• macOS AArch64
• Windows x86_64

Desktop

• Linux x86_64 (deb)
• Linux x86_64 (tar.gz)
• Linux x86_64 (AppImage)
• Linux AArch64 (deb)
• Linux AArch64 (tar.gz)
• Linux AArch64 (AppImage)
• macOS x86_64
• macOS AArch64
• Windows x86_64

v0.41.0

Changelog

This release brings significant enhancements, including the introduction of a new community store, expanded SDK APIs, and important bug fixes.

🛒 Community Plugin Store

We have a community plugin store! This new store allows users to install plugins with a single click.

All plugins in the store are open source and submitted through github.com/caido/store.

Checkout the developer documentation to get started and to publish your own plugin: https://developer.caido.io/

🛠️ Backend SDK
We've expanded our backend SDK with new APIs to enhance plugin capabilities.

• sdk.requests.get(): Retrieve a request by its ID.
• sdk.meta.path(): Retrieve the file system path of the plugin.
• sdk.meta.db(): Access the SQLite database associated with the plugin.
• sdk.findings.get(): Fetch a finding associated with a specific request.
• Request.getUrl(): Obtain the URL for a given request.
• "net" module: Plugins can now utilize TCP sockets for enhanced connectivity.
• "sqlite" module: Create SQLite databases

🎨 Frontend SDK
New APIs have been added to the frontend SDK to provide additional UI components for plugins.

• sdk.ui.httpRequestEditor(): A read-only HTTPRequestEditor for displaying request details.
• sdk.ui.httpResponseEditor(): A read-only HTTPResponseEditor for viewing response content.

🐞 Bug Fixes

• Resolved issues related to JSON formatting in the editor
• Fixes issue where the undo history would be lost when switching between replay tabs

Issues

This release also includes other bug fixes and improvements.
View the full list of changes here.

CLI

• Linux x86_64
• Linux AArch64
• macOS x86_64
• macOS AArch64
• Windows x86_64

Desktop

• Linux x86_64 (deb)
• Linux x86_64 (tar.gz)
• Linux x86_64 (AppImage)
• macOS x86_64
• macOS AArch64
• Windows x86_64

v0.40.0

Changelog

This release brings a major upgrade to our desktop app, as well as a few improvements to HTTPQL, workflows and plugins.

We’ve transitioned from Tauri to Electron to improve performance and fix bugs, especially on Linux. If you’ve found the desktop experience sluggish on Linux, give it another try.

Note: The upgrade will remove your existing instance list. You will need to re-add your instances.

🔍 HTTPQL

• Added filtering based on req.len and resp.len fields for more precise querying.

🛠️ Plugins & Workflows

• Added atob and btoa functions.
• Implemented the Node.js “process” API to allow spawning new processes.
• Added support for setTimeout and setInterval.

These JavaScript enhancements are available for JS nodes in workflows and backend plugins.

Issues

This release also includes other bug fixes and improvements.
View the full list of changes here.

CLI

• Linux x86_64
• Linux AArch64
• macOS x86_64
• macOS AArch64
• Windows x86_64

Desktop

• Linux x86_64 (deb)
• Linux x86_64 (tar.gz)
• Linux x86_64 (AppImage)
• macOS x86_64
• macOS AArch64
• Windows x86_64

v0.39.0

Changelog

This release introduces backend plugins, workflow integration in Replay, and more.

🎨 Backend Plugins

Plugin developers can now add server-side logic to interact with frontend plugins.
Examples of server-side logic include interacting with the file system, which was not possible with frontend-only plugins.

Checkout https://github.com/caido/starterkit-plugin to get started.

🤖 Replay Workflow Integration

You can now apply preprocessors/workflows to your replay sessions. Use preprocessors to automatically encode portions of a request, calculate signatures/hashes and run command line tools.

🧰 Other notable changes

• HTTPQL: Added a new field req.tls to filter HTTPS requests
• Workflows: You can now specify a "Dedupe Key" when using the "Create Finding" node to prevent duplicate findings

Issues

This release also includes other bug fixes and improvements.
View the full list of changes here.

CLI

• Linux x86_64
• Linux AArch64
• macOS x86_64
• macOS AArch64
• Windows x86_64

Desktop

• (Experimental) Linux x86_64 (deb)
• (Experimental) Linux x86_64 (AppImage)
• macOS x86_64
• macOS AArch64
• Windows x86_64

v0.38.0

Changelog

This release adds improvements to Automate, HTTPQL, the frontend SDK, and more.

🤖 Automate Improvements

HTTPQL Support: Pro users can now filter Automate results with HTTPQL directly from the Automate page.
Numbers Payload: You can now run Automate attacks against a range of numbers

🔍 HTTPQL

We've added a few new fields to make filtering more versatile:

• row.id: Filter based on the ID of a row.
• source: Filter based on the source of a request (replay/automate/intercept/workflow)
• req.created_at: Filter based on the creation date of a request

🎨 Frontend SDK

The Frontend SDK now offers three new functionalities:

• caido.window.showToast(): Display a toast with a given message
• caido.menu.registerItem({ "type": "Request" }): You can now register context menu items on request panes
• caido.menu.registerItem({ "type": "Response" }): You can now register context menu items on response panes

This release also includes a few bug fixes. Check out https://github.com/orgs/caido/projects/4/views/32?sliceBy[value]=v0.38.0 for the full list of fixed issues.

Issues

View the full list of changes here.

CLI

• Linux x86_64
• Linux AArch64
• macOS x86_64
• macOS AArch64
• Windows x86_64

Desktop

• (Experimental) Linux x86_64 (deb)
• (Experimental) Linux x86_64 (AppImage)
• macOS x86_64
• macOS AArch64
• Windows x86_64

v0.37.0

Changelog

This release features a new plugin system, enhancements to the Automate page, new workflow nodes, and more.

🎨 Plugin Manager
We've added a new "Plugins" page to easily add/remove plugins to your Caido instance!

Plugin developers will need to compile their plugins into a new format. We'll be adding more information on how to build plugins via https://github.com/caido/starterkit•plugin and https://docs.caido.io .

The custom CSS/JS section will be deprecated in favour of this page.

🤖 Automate preprocessors
You can now specify preprocessors to be applied on automate payloads before they are sent.

Preprocessors include:
• [Pro] Convert Workflows
• URL Encode
• Prefix
• Suffix

🤖 New convert workflow nodes
We've added a new batch of workflow nodes:
• Match & Replace
• JSON Minify
• JSON Pretty
• Trim
• Join

🧰 Other notable changes
• Automate requests are now sent in the proper order
• New storage API for frontend plugins: Caido.storage.get/set/onChange
• [Pro] Improved the system prompt for the AI Assistant (thank you @Riddle1001 for the contribution)

CLI

• Linux x86_64
• Linux AArch64
• macOS x86_64
• macOS AArch64
• Windows x86_64

Desktop

• (Experimental) Linux x86_64 (deb)
• (Experimental) Linux x86_64 (AppImage)
• macOS x86_64
• macOS AArch64
• Windows x86_64

v0.36.1

Changelog

This release fixes an issue where pre•existing automate sessions would not load.

If you've noticed missing automate sessions in v0.36.0, please update to v0.36.1.

CLI

• Linux x86_64
• Linux AArch64
• macOS x86_64
• macOS AArch64
• Windows x86_64

Desktop

• (Experimental) Linux x86_64 (deb)
• (Experimental) Linux x86_64 (AppImage)
• macOS x86_64
• macOS AArch64
• Windows x86_64

v0.36.0

Changelog

This release introduces "Active Workflows", enhancements to the "Automate" and "Intercept" interfaces, and numerous bug fixes and quality•of•life improvements.

🤖 Introducing Active Workflows

We've introduced a new feature called "Active Workflows" that allows actions to be executed against individual requests.
You can trigger them manually by right-clicking on a request and selecting the desired workflow.

🍇 UX Improvements

We've updated the Automate, Intercept and Replay UI to be more intuitive.

• Intercept: You can now view both the intercepted requests/responses without having to switch between tabs
• Automate: Placeholders are now selectable and will show the corresponding payload settings
• Replay: You can now multi•select (shift+click / meta+click) replay sessions in the tab list and sidebar

🔍 HTTPQL Regex

HTTPQL now has a new regex notation (/my-regex/) to better support regex escape sequences.
Prefer using /regex/ instead of "regex" when using regular expressions.

Example usage: req.raw.regex:/gen_[0-9]\w\w\w/

🎨 Workflow JS SDK

Added new functions to the JavaScript workflow node:
• Request.getHeaders() & Response.getHeaders(): Get the list of headers in a Request/Response
• RequestSpec.removeHeader(): Remove a header from a RequestSpec

Features
#443: Mark automate jobs that are running in the tree view
#498: Explain types of attacks better in automate
#603: Drag and drop multiple files into workspace
#612: Delete multiple request tabs in Replay
#739: Add a way to download logs easily
#818: Active Workflows
#835: Add hex number for selected chars in replay
#839: Make replay/automate tab renaming better
#906: Sequential forwarding in "Intercept"
#910: Add option to add session tabs scrollbar (no tab racism)
#924: Add shift support for multi•select
#926: Frontend API • prevent replaceSelectedText from switching input focus
#956: Add source 'workflow' in advanced search options
#972: Adds getHeaders method for Request & Response types
#982: Add removeHeader in workflow SDK

Bugs
#861: Null payload marker in automate is a space instead of empty string
#875: Highlight bug in pretty
#886: Replay responses randomly scroll when resending a request
#907: "CTRL•F" Does Not Select the Search Bar in Replay
#912: Buggy automate threads
#927: Update Code tooltip
#928: Modified url copied via "copy url" does not update unless the request is sent first
#933: Frontend SDK • Settings menu does not render properly with 2+ items
#934: Multi•select using Window key instead of Ctrl on Windows
#940: Request & response do not disappear when deleting the last finding
#946: Cannot call constructor of classes in JS Node
#947: Workflow node stops dragging when mouse stopped
#949: Drag and Drop request from collections, select text automatically
#954: Preset filters not working
#974: Payload list running off screen with no scroll

CLI

• Linux x86_64
• Linux AArch64
• macOS x86_64
• macOS AArch64
• Windows x86_64

Desktop

• (Experimental) Linux x86_64 (deb)
• (Experimental) Linux x86_64 (AppImage)
• macOS x86_64
• macOS AArch64
• Windows x86_64