Skip to content

Invisible Proxying

WARNING

Invisible proxying is disabled by default, view the guide on how to enable it.

Generally, applications can be configured to use a forward proxy to connect to their targets.

This is the case with Caido. By manually configuring the connection settings (or by using a browser extension such as FoxyProxy), we are able to proxy the traffic the browser generates, intended for a web server, through Caido.

Firefox proxying setup

When proxying in this "normal" context, the application will send a CONNECT request to establish a TCP tunnel before sending the request itself:

http
CONNECT https://example.com/ HTTP/1.1
Host: localhost:8080

However, some applications are considered to be "thick clients", and cannot be configured to use a proxy. In such cases, "invisible proxying" (aka "transparent proxying") becomes an alternative method.

In this mode, Caido acts as the destination server, making the application unaware that it is communicating through a proxy. As a result, the application sends HTTP requests directly to Caido, without first sending a CONNECT request. This behavior is similar to how reverse proxies like Nginx™ operate.

This means that Caido needs to listen on the same port as the destination server (typically 443 or 80).

You will need to change your host DNS resolution (in the /etc/hosts on Linux for example) and from there, revert the resolution back with a Caido DNS override.

Learn how to create DNS Rewrite rules.

INFO

View Traffic Splitting to gain a detailed understanding of how Caido selects the host and port to use when forwarding requests.