Caido

Proxying WSL Traffic

To send traffic generated by WSL to the Caido desktop application running on your Windows host, select Export from the CA Certificate Management options.

Then, change the listening address of the Caido desktop application to All interfaces (0.0.0.0).

The All interfaces (0.0.0.0) option.

Once the address is updated, ensure to close both Caido windows.

The next time Caido is launched, you may encounter a Windows Security prompt box. Click the Allow button to allow incoming connections.

Windows Security.

To configure the firewall rule manually:

  1. Open Windows Defender Firewall.
  2. Click on "Allow an app or feature through Windows Defender Firewall".
  3. Click on the Change settings button, click on the caido-cli checkbox to grant permission, and ensure the Private and Public checkboxes are selected.
  4. Then click on OK to update and save the configuration.
Windows Defender Firewall settings.

WSL

In WSL, copy the exported CA certificate from Windows:

bash
cp /mnt/c/Users/ninje/Downloads/ca.crt ~/ca.crt

Then, install the ca.crt file system-wide and update the certificate store with:

bash
sudo cp ~/ca.crt /usr/local/share/ca-certificates/ca.crt && sudo update-ca-certificates

To obtain the gateway IP address of your Windows host that Caido is listening on from WSL's perspective, enter:

bash
ip route show | grep -i default | awk '{ print $3}'
The gateway IP address output.

To test the network access, launch the Caido desktop application and issue a curl request with the -x <address:port> argument:

bash
curl -x 172.22.0.1:8080 https://example.com

Once the request is sent, you should see it within in the HTTP History traffic table.

Proxy Configuration

To configure your WSL CLI tools to proxy traffic through Caido, set the http_proxy and https_proxy environment variables to the listening address/port of the desktop application:

bash
export http_proxy="http://172.22.0.1:8080" && export https_proxy="http://172.22.0.1:8080"
Setting the environment variables and entering a curl command without the -x argument.

TIPS

  • To verify the rules exist, use: echo $http_proxy && echo $https_proxy
  • To remove the rules, use: unset http_proxy && unset https_proxy
  • Consider adding these environment variables to your ~/.bashrc file to make them permanent with: echo 'export http_proxy="http://172.22.0.1:8080"' >> ~/.bashrc && echo 'export https_proxy="http://172.22.0.1:8080"' >> ~/.bashrc
  • To remove both environment variables, use the following command and then close and reopen WSL: sed -i '/export.*_proxy=/d' ~/.bashrc