Tools

Burp Suite Pro tools — Proxy, Repeater, Intruder, utilities, and related features — and their Caido equivalents.

Available

Command palette

Burp provides a quick-access launcher for tools, settings, and actions via the keyboard.

Caido includes a native command palette opened with Ctrl/Cmd+K. It exposes navigation, plugin commands, and shortcuts rather than Burp's tool-centric launcher, but serves the same quick-access purpose.

Search

Burp provides global search across its tools for requests, issues, and configuration.

Caido offers native Search with HTTPQL to query captured traffic across your project. Search replaces Burp's cross-tool search with a traffic-focused query language rather than a unified issue-and-config index.

Context menu

Burp offers right-click actions on requests, responses, and site map entries.

Caido provides native context menu actions on requests and responses in HTTP History, Replay, and related views. Available actions depend on the current view and installed plugins.

Filter settings

Burp applies shared filter configuration across its tables and views.

Caido offers native Filters that apply across traffic tables and can be combined with HTTPQL. Filters are view-scoped rather than a single global filter profile shared by every Burp tool.

Proxy

Burp captures HTTP/S traffic through an intercepting proxy between your browser and target applications.

Caido offers native Intercept and HTTP History to handle proxied traffic capture. Intercept pauses traffic for review; HTTP History stores the full log. Together they cover Burp Proxy's core workflow without a separate Proxy tool tab.

Proxy intercept

Burp lets you pause, inspect, and modify individual requests and responses in flight.

Caido offers native Intercept to pause, inspect, and forward or drop individual requests and responses. Behavior matches Burp's intercept queue, integrated into Caido's main traffic workflow.

HTTP history

Burp maintains a persistent log of all proxied HTTP traffic with filtering and search.

Caido offers native HTTP History as the persistent traffic log. It supports filtering, search, and sending entries to Replay or Automate. It is the primary workspace for reviewing proxied HTTP traffic.

WebSockets history

Burp captures WebSocket messages that pass through the proxy and lets you inspect them.

Caido offers native WS History to capture WebSocket frames proxied through the instance. It provides a dedicated view for WebSocket traffic separate from HTTP History.

Match and replace

Burp automatically modifies requests or responses matching defined rules as they pass through the proxy.

Caido offers native Match & Replace to apply rules to traffic in transit, similar to Burp's match-and-replace rules. Rules can target requests, responses, and specific scopes.

Repeater

Burp lets you manually modify and resend individual HTTP requests to observe response changes.

Caido offers native Replay to edit and resend individual requests. Replay is accessed from HTTP History and the context menu rather than a dedicated Repeater tab, but supports the same manual request manipulation workflow.

Intruder

Burp performs automated payload injection for fuzzing, brute-forcing, and enumeration attacks.

Caido offers native Automate for payload-based attacks. Automate supports wordlists, numeric ranges, multiple payload sets, and preprocessors — covering Burp Intruder's core fuzzing and brute-force workflows with a different UI model.

Inspector

Burp provides a structured view of request and response components (headers, parameters, cookies).

Caido does not have a separate Inspector panel. Request and response components are edited inline in Replay, HTTP History, and Automate using built-in structured editors. Headers, parameters, and cookies are accessible without switching to a dedicated tool.

Message editor

Burp lets you edit HTTP messages in raw and parsed form across its tools.

Caido builds native message editors into Replay, Intercept, and Automate. You can switch between structured and raw editing within each view rather than using a shared editor component across separate Burp tabs. The Hex community plugin adds hex view and edit modes in HTTP History and Replay.

Decoder

Burp encodes, decodes, and hashes data in common formats.

Caido offers native Convert Workflows to transform data between formats. The Convert Tools community plugin adds a Decoder-like toolbox for on-demand encoding, decoding, and format conversion. Unlike Burp's standalone Decoder tab, Caido combines workflow-driven conversion with optional plugin utilities.

Comparer

Burp compares requests, responses, and arbitrary data with word-level and byte-level diffing.

Caido offers the community Compare plugin to diff requests and responses. Caido does not ship a native Comparer tab; diffing is handled by a dedicated plugin.

Sequencer

Sequencer analyzes the randomness of session tokens and CSRF tokens.

Caido offers the Sequencer community plugin to collect tokens from traffic and run statistical randomness tests, similar to Burp Sequencer. Install it from the Community Store in Plugins.

Collaborator

Burp includes an out-of-band interaction server for detecting blind SSRF, XXE, and similar vulnerabilities.

Caido supports out-of-band interaction testing through community plugins such as QuickSSRF, OmniOAST, or SLCyber Tools (Surf for SSRF). Caido does not ship a built-in Collaborator server; dedicated plugins provide the same capability.

Logger

Burp captures traffic from all tools in a unified log for review.

Caido offers native Search that queries all captured traffic across the project, covering much of Burp Logger's review workflow. Caido also supports enhanced logging with custom fields through the Cerebrum plugin.

Organizer

Organizer stores and annotates interesting requests for later review.

Caido offers native Findings to track notable requests and issues. Findings serves a similar annotation and review purpose to Burp Organizer, tied to Caido's findings model rather than a separate request collection.

Content discovery

Burp brute-forces hidden directories and files on a web server.

Caido offers native Automate with wordlists to brute-force paths and files, and the Crawler community plugin for automated sitemap and endpoint discovery. Together they cover Burp's content discovery and crawl-driven enumeration workflows.

Generate CSRF PoC

Burp builds cross-site request forgery proof-of-concept HTML from captured requests.

Caido offers the CSRF PoC Generator community plugin to build CSRF proof-of-concept HTML from captured requests. Install it from the Community Store and generate PoCs from HTTP History or Replay.

Indirectly Available

Dashboard

Burp provides a central hub that shows scan progress, issue summaries, and task status.

Caido does not have a single dashboard tab. Instead, traffic-centric views like HTTP History and Search are the default workspace, and some community plugins ship their own dashboard pages for scanning or authorization testing.

Customizing Burp's layout

Burp lets you rearrange tabs, split panes, and customize the UI layout.

Caido has a fixed application layout and does not support Burp-style tab rearrangement. For custom views, community plugins can add dedicated pages through the plugin SDK.

Engagement tools

Burp bundles a suite of utilities for target analysis, content discovery, and PoC generation.

Caido does not bundle engagement utilities into a single tool suite. Equivalent workflows are spread across native features like Sitemap and Automate, plus purpose-built plugins such as Exploit Generator, CSRF PoC Generator, and Crawler.

Target analyzer

Target analyzer summarizes a target's technology stack, content types, and dynamic URLs.

Caido has no dedicated target analyzer. Instead, you can review technology hints in HTTP History responses, use passive workflows to flag stack indicators, and install plugins such as JS Analyzer or RetireJS Scanner for JavaScript and library analysis on captured traffic.

Manual testing simulator

The manual testing simulator simulates user interactions for manual testing scenarios.

Caido offers native Replay for manual request-level testing, or a preconfigured browser for browser-based interaction. The PwnFox plugin integrates multi-container browser profiles for parallel sessions. Caido does not ship a dedicated interaction simulator like Burp's manual testing simulator.

DOM Invader

Burp supports browser-based testing for DOM XSS, prototype pollution, and web message vulnerabilities.

Caido has no built-in DOM Invader equivalent. The DOMLogger++ plugin pairs with a browser extension to monitor and debug JavaScript sinks using customizable rules — partial coverage for DOM-focused testing, not Burp's full in-browser attack surface.

Not Available

Clickbandit

Clickbandit generates clickjacking proof-of-concept overlays against a target page.

Caido has no clickjacking PoC generator. Build PoCs manually with HTML iframes and verify framing protections by replaying requests and inspecting response headers.

Infiltrator

Infiltrator modifies compiled class files to test deserialization and injection in Java applications.

Caido has no equivalent to Infiltrator's bytecode manipulation. Use external Java instrumentation tools for class-level testing and Caido's Replay for HTTP-level request manipulation.
