Invisible Proxying
WARNING
Invisible proxying is disabled by default, view the guide on how to enable it.
Generally, applications can be configured to use a forward proxy to connect to their targets.
This is the case with Caido. By manually configuring the connection settings (or by using a browser extension such as FoxyProxy), we are able to proxy the traffic the browser generates, intended for a web server, through Caido.
When proxying in this "normal" context, the application will send a CONNECT request to establish a TCP tunnel before sending the request itself:
CONNECT https://example.com/ HTTP/1.1
Host: localhost:8080However, some applications are considered to be "thick clients", and cannot be configured to use a proxy. In such cases, "invisible proxying" (aka "transparent proxying") becomes an alternative method.
In this mode, Caido acts as the destination server, making the application unaware that it is communicating through a proxy. As a result, the application sends HTTP requests directly to Caido, without first sending a CONNECT request. This behavior is similar to how reverse proxies like Nginx™ operate.
This means that Caido needs to listen on the same port as the destination server (typically 443 or 80).
You will need to change your host DNS resolution (in the /etc/hosts on Linux for example) and from there, revert the resolution back with a Caido DNS override.
Learn how to create DNS Rewrite rules.
INFO
View Traffic Splitting to gain a detailed understanding of how Caido selects the host and port to use when forwarding requests.