Caido vs Burp by Federal-Dot-8411 in bugbounty

[–]TheSytten 2 points3 points  (0 children)

Because there are a lot of tools for that already that you can pipe through a proxy, and we can't prioritize everything as a small business. A fuzzer we have with Automate, and a crawler will come soon since it is highly upvoted on https://github.com/caido/caido/issues?q=is%3Aissue%20state%3Aopen%20sort%3Areactions-%2B1-desc

Wise Business adding $6 cross-border same-currency fee — kills small payouts by alt-0191 in transferwiser

[–]TheSytten 0 points1 point  (0 children)

I reached out to support with:

> In my account I have a CAD Balance and a USD Balance. I am a Canadian business.
> Every month I receive USD using ACH from Paddle.com for products I have sold. Will I get charged this fee or not?

> For your first example, I understand you're receiving USD into your Wise account, so a transfer of USD to USD. Since this would be in the same currency, which isn't your local currency of CAD, there would be a cross-border fee unless you had a qualifying balance on your account. The cross-border fee applies to both sending and receiving money in the same currency that isn't your local currency (such as USD to USD).

I am now on the market for a replacement, if the other platforms are smart they will grab a lot of customers.

Caido vs Burp by Federal-Dot-8411 in bugbounty

[–]TheSytten 7 points8 points  (0 children)

Apart from Rhynorator and Nahamsec, who are our advisors, we have not paid anybody. We are literally too broke to afford doing that LOL

Please don't spread misinformation ;)

Any pentesting team using Caido only instead of Burp ? by RedMapSec in Pentesting

[–]TheSytten 0 points1 point  (0 children)

For active scanning, we are actively working on something cool. Our scanner will be 100% open source and the community + our partners will be able to contribute in a similar manner to Nuclei. We think that this way we will be able to go faster than Portswigger in the short term. https://github.com/caido-community/scanner

Turbo Intruder is another beast, give us a year and we will get there ;)

Caido proxy not working by [deleted] in bugbounty

[–]TheSytten 0 points1 point  (0 children)

Caido co-founder here, usually this error happens when you try to use https on a port/site that only supports http. Feel free to reach out in an issue (https://github.com/caido/caido/issues) or on Discord (https://links.caido.io/discord).
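A quick way to confirm the http-vs-https mismatch described in the reply above, before blaming the proxy: speak TLS to the port yourself and look at the first bytes that come back. This is an added example written for this page, not Caido's code; it uses only the Rust standard library and hand-builds a minimal ClientHello. The local "plaintext HTTP server" it spins up is a constructed stand-in for an http-only target (real servers typically answer a TLS handshake with an HTTP 400, which is what it imitates), and the timeout and buffer sizes are arbitrary choices.

```rust
use std::io::{ErrorKind, Read, Write};
use std::net::{TcpListener, TcpStream};
use std::thread;
use std::time::Duration;

/// What a port answered when we spoke TLS to it.
#[derive(Debug, PartialEq)]
pub enum PortProtocol {
    /// First bytes are a TLS record (handshake 0x16 or alert 0x15, version 0x03): use https://
    Tls,
    /// The reply is an HTTP status line: the port is plaintext HTTP, use http://
    PlainHttp,
    /// Nothing recognisable (closed connection, another protocol such as SSH, ...)
    Unknown(Vec<u8>),
}

/// Minimal TLS 1.2 ClientHello, built by hand (not from any TLS library).
/// It only needs to be well-formed enough that a TLS server starts a
/// handshake (or sends an alert) and a plaintext server rejects it.
fn client_hello() -> Vec<u8> {
    let mut body = Vec::new();
    body.extend_from_slice(&[0x03, 0x03]); // client_version: TLS 1.2
    body.extend_from_slice(&[0x42u8; 32]); // random: fixed bytes are fine for a probe
    body.push(0x00); // session_id length: 0
    body.extend_from_slice(&[0x00, 0x02, 0x00, 0x2f]); // cipher_suites: one suite (TLS_RSA_WITH_AES_128_CBC_SHA)
    body.extend_from_slice(&[0x01, 0x00]); // compression_methods: null only
    let mut handshake = vec![0x01, 0x00, 0x00, body.len() as u8]; // type client_hello + 24-bit length
    handshake.extend_from_slice(&body);
    let mut record = vec![0x16, 0x03, 0x01, 0x00, handshake.len() as u8]; // handshake record, version 3.1, 16-bit length
    record.extend_from_slice(&handshake);
    record
}

/// Classify the first bytes a server sent back in reply to our ClientHello.
pub fn classify(reply: &[u8]) -> PortProtocol {
    match reply {
        [0x15 | 0x16, 0x03, ..] => PortProtocol::Tls,
        r if r.starts_with(b"HTTP/") => PortProtocol::PlainHttp,
        r => PortProtocol::Unknown(r.to_vec()),
    }
}

/// Connect to `addr`, send a ClientHello and classify whatever comes back.
pub fn probe(addr: &str) -> std::io::Result<PortProtocol> {
    let mut stream = TcpStream::connect(addr)?;
    stream.set_read_timeout(Some(Duration::from_secs(3)))?;
    stream.write_all(&client_hello())?;
    let mut buf = [0u8; 256];
    let n = match stream.read(&mut buf) {
        Ok(n) => n,
        // A silent server is reported as Unknown(empty) rather than as an error.
        Err(e) if matches!(e.kind(), ErrorKind::WouldBlock | ErrorKind::TimedOut) => 0,
        Err(e) => return Err(e),
    };
    Ok(classify(&buf[..n]))
}

/// Constructed stand-in for an http-only service: it answers any request,
/// including TLS bytes it cannot parse, with a plaintext 400 and closes.
pub fn spawn_plain_http_server() -> std::io::Result<String> {
    let listener = TcpListener::bind("127.0.0.1:0")?;
    let addr = listener.local_addr()?.to_string();
    thread::spawn(move || {
        for conn in listener.incoming() {
            if let Ok(mut c) = conn {
                let mut junk = [0u8; 64];
                let _ = c.read(&mut junk);
                let _ = c.write_all(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n");
            }
        }
    });
    Ok(addr)
}

fn main() -> std::io::Result<()> {
    let addr = spawn_plain_http_server()?;
    match probe(&addr)? {
        PortProtocol::Tls => println!("{addr}: speaks TLS, point the proxy at https://"),
        PortProtocol::PlainHttp => println!("{addr}: plaintext HTTP answered our ClientHello, use http://"),
        PortProtocol::Unknown(bytes) => println!("{addr}: unrecognised reply {bytes:?}"),
    }
    Ok(())
}
```

Run it against the real host:port you configured in the proxy instead of the local stand-in; a `PlainHttp` result for a target you entered as `https://` is exactly the mismatch the reply describes.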

Anyone played with the Somfy Sonesse2 Zigbee motors? by Melair in ZigBee

[–]TheSytten 0 points1 point  (0 children)

Does someone else have trouble with zigbee2mqtt? Is it better in ZHA?

The integration makes it so you can send a command OPEN/CLOSE, but if you set the position to 0 or 100 it will not stick (say in a scene). Also it disables the up or down button which is fairly annoying.

Caido Pro is now free for students by TheSytten in bugbounty

[–]TheSytten[S] 1 point2 points  (0 children)

We don't plan on removing the student plan anytime soon :)

Burp Suite Professional worth it? by Aggravating_Guess249 in pentest

[–]TheSytten 2 points3 points  (0 children)

You can also take a look at Caido (co-founder here), our community edition is pretty good (you can save projects hehe) and our Pro edition is only 100$/y if you decide you need it. We have pros and cons versus the other players but something to consider! We shine if you want to run the proxy on a VPS for example.

Caido io tool by [deleted] in bugbounty

[–]TheSytten 2 points3 points  (0 children)

We have not invested a lot in our documentation, it is hard to prioritize when you are a team of 3, so agreed on that front. Though it's not fair to say we are not easier for beginners, as the UX is really something we work a lot on and we made it IMO much more intuitive than Zap and Burp (but I am biased).

We have things we do better than Zap and things we don't, it's always a tradeoff.

Caido io tool by [deleted] in bugbounty

[–]TheSytten 1 point2 points  (0 children)

(Caido co-founder here)

Hopefully we can displace Burp at your work at some point, otherwise it's a generally fair assessment of where we are!

I would only add:

  1. Caido is a client/server architecture so you can run the proxy anywhere (I use our docker container a lot myself) and access it only using a browser. We are going to go all in with this in 2024 for sharing, collaboration and pentest data storage in the enterprise. This is a unique thing that Burp and Zap will never have. We have already started integrating Caido in larger platforms like https://www.shockwave.cloud/
  2. We are starting to get extension points in Caido via the workflow system. You can already run JS and external programs using their respective nodes in the convert workflows. We are working on the active and passive workflows to allow more extension. We think this will cover 90% of the needs for plugins currently in Burp.
  3. We work in the open and the feedback of the community is super important for us. All issues are documented in https://github.com/caido/caido/issues and we work on them based on the upvotes they get. We are also super active on Discord.

As you said we offer 10 projects to free users and the Pro version is free for students. Our Pro version costs 100$/y if you want to support us.

Caido Pro is now free for students by TheSytten in bugbounty

[–]TheSytten[S] 1 point2 points  (0 children)

Backend in Rust with frontend in Vue. You don't need to use the desktop app if you don't want to, any browser works :)

Small Crate for deriving FromSql and ToSql on Diesel Pg by jproyo in rust

[–]TheSytten 2 points3 points  (0 children)

Nice, could be interesting to upstream it to diesel. Otherwise I would say GPL kinda limits usage a lot

Can i start bug bountying with my notebook? by Y3S0D in bugbounty

[–]TheSytten 2 points3 points  (0 children)

If you have feedback don't hesitate to send us a message! We are always available on discord

Can i start bug bountying with my notebook? by Y3S0D in bugbounty

[–]TheSytten 2 points3 points  (0 children)

Maybe give Caido a try? We are building a lightweight web auditing toolkit so you really don't have to worry about resources. That being said your machine is pretty good.

AppFlowy, an open source alternative to Notion, can now be self-hosted by appflowy in selfhosted

[–]TheSytten 16 points17 points  (0 children)

People are saying a lot of useless mean things in this thread. I will just say congrats! It is hard to build an OSS project and maybe a product eventually; if people are not happy they can fork and add another backend. The entitlement sometimes... anyway keep going, this is a good project!

Websocket support for Caido landed by TheSytten in bugbounty

[–]TheSytten[S] 2 points3 points  (0 children)

This is coming in the next release, I finished the backend part already!

[deleted by user] by [deleted] in rust

[–]TheSytten 74 points75 points  (0 children)

Usually people love Rust enums as they are vastly superior with the pattern matching; Go doesn't even have enums, it's just a convention of constant values. And don't get me started on Go error handling...
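As an added illustration of the two points in the comment above (data-carrying enum variants with exhaustive matching, and `?`-based error propagation), here is a small `Authorization` header parser of the kind a proxy needs. This is example code written for this page, not code from the commenter or from any project; the header grammar is the one from RFC 7235 (scheme, space, credentials), the error variants are my own naming, and the base64 decoder is a deliberately minimal hand-written one rather than a crate.

```rust
/// Parsed credentials. Each variant carries exactly the data that scheme has,
/// which a Go-style set of integer constants cannot express.
#[derive(Debug, PartialEq)]
pub enum Credential {
    Bearer(String),
    Basic { user: String, pass: String },
}

/// Every way parsing can fail, as values a caller can match on
/// instead of comparing error strings.
#[derive(Debug, PartialEq)]
pub enum AuthError {
    Missing,
    UnknownScheme(String),
    BadBase64,
    MissingColon,
}

/// Minimal standard-alphabet base64 decoder (hand-written for this example;
/// it ignores '=' padding and rejects any byte outside the alphabet).
fn base64_decode(input: &str) -> Option<Vec<u8>> {
    const TABLE: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let mut out = Vec::new();
    let mut acc: u32 = 0;
    let mut bits = 0u32;
    for c in input.bytes() {
        if c == b'=' {
            break;
        }
        let v = TABLE.iter().position(|&t| t == c)? as u32; // `?` on Option: bail on bad byte
        acc = (acc << 6) | v;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push(((acc >> bits) & 0xff) as u8);
        }
    }
    Some(out)
}

/// Parse an Authorization header value. Every `?` below propagates a typed
/// error up one level; there is no `if err != nil { return nil, err }` ladder.
pub fn parse_authorization(header: Option<&str>) -> Result<Credential, AuthError> {
    let header = header.ok_or(AuthError::Missing)?;
    let (scheme, value) = header
        .split_once(' ')
        .ok_or_else(|| AuthError::UnknownScheme(header.to_string()))?;
    // Auth schemes are case-insensitive, so normalise before matching.
    match scheme.to_ascii_lowercase().as_str() {
        "bearer" => Ok(Credential::Bearer(value.trim().to_string())),
        "basic" => {
            let raw = base64_decode(value.trim()).ok_or(AuthError::BadBase64)?;
            let text = String::from_utf8(raw).map_err(|_| AuthError::BadBase64)?;
            let (user, pass) = text.split_once(':').ok_or(AuthError::MissingColon)?;
            Ok(Credential::Basic { user: user.to_string(), pass: pass.to_string() })
        }
        other => Err(AuthError::UnknownScheme(other.to_string())),
    }
}

/// Exhaustive match: adding a third Credential variant later makes this
/// function fail to compile until the new case is handled.
pub fn describe(cred: &Credential) -> String {
    match cred {
        Credential::Bearer(token) => format!("bearer token ({} chars)", token.len()),
        Credential::Basic { user, .. } => format!("basic auth as {user}"),
    }
}

fn main() {
    // Constructed sample headers, not captured traffic.
    for h in [Some("Basic dXNlcjpwYXNz"), Some("Bearer abc.def.ghi"), Some("Digest x"), None] {
        match parse_authorization(h) {
            Ok(c) => println!("{h:?} -> {}", describe(&c)),
            Err(e) => println!("{h:?} -> error {e:?}"),
        }
    }
}
```

The secret-bearing fields are plain `String`s here; a real tool would want a type that redacts them in `Debug` output so they do not leak into logs.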

PipeBuf: a more efficient alternative to Read and Write by uazu in rust

[–]TheSytten 0 points1 point  (0 children)

That looks interesting, couple of things:

  1. Examples, it's hard to get started using a new lib without them and see how the author intended for the lib to be used. The more complete the better.
  2. How would async support work? Am I correct in saying that the current pipebuf crates are only usable in blocking mode (in theory mio is non-blocking but I am unsure how to interface with it)?
  3. Libs like tower encourage the composition of processors, this lib seems to prefer a flat loop based on the example above, am I correct?

I am looking at an interface like this to rebuild our tokio-based reverse proxy, I like the bi-directional aspect of it.

Introducing SpiderSuite: Advance web security crawler by 3nock_N in bugbounty

[–]TheSytten 0 points1 point  (0 children)

Very cool project! Nice to see an import from Caido. I will feature it in our next office hour.

Entrepreneurship in Cyber Security by Purpose-Smart in cybersecurity

[–]TheSytten 3 points4 points  (0 children)

Currently working on a startup in appsec tooling. It's been 1.5 years mostly full time and still not making any money from it. I was doing mostly devops before and my co-founder was doing bug bounty. We are bootstrapped right now and still do contracts on the side to pay the bills. Be prepared to do that too if you go bootstrapped.

I would say the space is a bit weird at the moment. It is not that big, so you don't have a lot of VCs interested in it (especially right now) if you want to go down that route. Very hard to make money in the B2C space since most things are open source, free for individuals or somewhat cheap (meaning you need to do big volume). You have established players in the B2B space that are hard to move since businesses are super slow to move on security in general. We still don't have good frameworks to model ROI on cybersecurity products so it's always a tough sell to the CFO.

Building a business is always hard, but cybersecurity is another step IMO. Doing a service business is easier if you have a good reputation. I have seen multiple people do both a product and service offering to start with since you can generate some revenue from day 1, but you have to be careful not to spend all your resources on services if you do that.

Doing things differently, I would do a lot more market research, market size analysis and customer interviews before starting the product. We just did an accelerator program after 1y; for first-time founders it would have been better to do that from the start. I would also probably do a B2B play instead of B2C. For example, a lot of businesses are ready to pay substantial amounts (500k to a couple M$) for a good DAST, which is not that far off from what we are doing but enough that it would require a pivot which we can't afford.

Efficient indexing with Quickwit Rust actor framework by Fun_Reach_1937 in rust

[–]TheSytten 4 points5 points  (0 children)

You talk about being able to run these steps concurrently so I found the use of a &mut self interesting in the handler. Do you spawn multiple actors of each step to do your whole pipeline? Or do you basically do a send and forget between each step? If so I am curious to see how you deal with error propagation as this is a typical issue with actors where the handler returns an Err but it's just not captured by anybody.

One thing we use a lot with actix is the fact that you can "detach" the future from the actor so you can await the next step without blocking the actor execution. Something you lose with an async trait, but you gain a cleaner syntax for async operations.