Invisible Proxying
WARNING
Invisible proxying is disabled by default, view the guide on how to enable it.
Generally, applications can be configured to use a forward proxy to connect to their targets.
This is the case with Caido. By manually configuring the connection settings (or by using a browser extension such as FoxyProxy), we are able to proxy the traffic the browser generates, intended for a web server, through Caido.

When proxying in this "normal" context, the application will send a CONNECT
request to establish a TCP tunnel before sending the request itself:
CONNECT https://example.com/ HTTP/1.1
Host: localhost:8080
However, some applications are considered to be "thick clients", and cannot be configured to use a proxy. In such cases, "invisible proxying" (aka "transparent proxying") becomes an alternative method.
In this mode, Caido acts as the destination server, making the application unaware that it is communicating through a proxy. As a result, the application sends HTTP requests directly to Caido, without first sending a CONNECT
request. This behavior is similar to how reverse proxies like Nginx™ operate.
This means that Caido needs to listen on the same port as the destination server (typically 443
or 80
).
You will need to change your host DNS resolution (in the /etc/hosts
on Linux for example) and from there, revert the resolution back with a Caido DNS override.
Learn how to create DNS Rewrite rules.
INFO
View Traffic Splitting to gain a detailed understanding of how Caido selects the host and port to use when forwarding requests.