caido

This MCP server wraps Caido proxy capabilities to let AI assistants interact with Caido features through MCP-compatible tooling. It exposes a set of commands to inspect and replay HTTP traffic, manage scopes, projects, and findings, and to run automated fuzzing workflows. Core capabilities include: listing and retrieving HTTP requests (with filtering via HTTPQL), replaying requests and receiving inline responses, handling automation sessions and fuzz results, managing sitemap and scopes, and operating with project contexts. The server also supports token auto-refresh during sessions and enforces a default 2KB cap on response bodies to keep context manageable. To use it, authenticate with Caido, configure your MCP client to point at the caido-mcp-server instance, and then leverage the available tools to explore requests, replay traffic, or trigger automations like fuzzing and finding creation.

Common workflows include authenticating, listing requests with caido_list_requests, replaying a request via caido_send_request, creating findings with caido_create_finding, checking sitemap with caido_get_sitemap, and reviewing automate sessions with caido_list_automate_sessions and caido_get_automate_session. Each tool returns structured data or inline responses that your MCP client can parse and present to the user.

Prerequisites:

• A Caido instance running and accessible (Caido URL).
• curl and bash available on the host.
• Optional: Go toolchain if you plan to build from source.

Install via script (recommended):

1. Install the MCP server binary using the provided install script:

curl -fsSL https://raw.githubusercontent.com/c0tton-fluff/caido-mcp-server/main/install.sh | bash

2. Ensure the caido-mcp-server binary is in your PATH. You can now run the server with the standard command (for example: caido-mcp-server serve).

Alternative: Build from source (Go):

1. Clone the repository

git clone https://github.com/c0tton-fluff/caido-mcp-server.git
cd caido-mcp-server

2. Build the binary

go build -o caido-mcp-server .

3. Run the server

./caido-mcp-server serve

Configure your MCP client to use the server as described in the Quick Start section.

Tips and notes:

• If you encounter invalid token errors, re-authenticate with caido-mcp-server login.
• Token refresh happens automatically during sessions, but ensure CAIDO_URL points to your Caido instance.
• The 2KB body limit is in place to keep context manageable; for larger bodies, fetch full content via dedicated endpoints if needed.
• If you see poll timeouts during replay, the target server may be slow; try retrieving results with get_replay_entry using the returned entryId.
• The MCP config example uses the caido server name from the Quick Start. Adjust the env CAIDO_URL to match your Caido deployment address.
• Logs for MCP interactions may appear under ~/.cache/claude-cli-nodejs/*/mcp-logs-caido/ for debugging.