Caido

Passive Type Workflows

For general documentation on utilizing the Workflows tab - click here.

Passive Workflows take requests or responses as input. Their execution occurs in the "background" as you conduct your testing, extending the efficiency of your process.

Using Passive Workflows

Passive Workflows are automatically triggered when their specifications/conditions are met. If the specifications/conditions of the Workflow are not met throughout every step of the Workflow - the Workflow will stop processing the request/response. These specifications/conditions are set by Nodes and include prerequisites such as:

  • If the request/response is within a set Scope.
  • If the request/response is a match according to HTTPQL syntax.
  • If the prior Node's specification/condition evaluated to True or False (Boolean value).

Creating a New Passive Workflow: Applying Color to In-Scope GET Requests Workflow Example

TIP

This example Workflow is available for download and import. Click here to download.

INFO

In this example - the Workflow created will color highlight GET requests within the HTTP History tab if they are within the Project's Scope.

Navigate to the Workflow Editor for the Passive type by following these steps:

  • Select the Workflow tab from the left-hand menu within the Caido window.
  • Select the Passive tab.
  • Click + New Workflow.
  1. Enter an arbitrary name for your Workflow.
  2. (Optional) Enter a description of the workflow.
  3. Click Save.
Passive set color example.
  1. Click, hold and drag the In Scope, Matches HTTPQL, If/Else and Set Color Nodes into the pane directly right.

TIP

The On intercept request and Passive End Nodes are already included by default. Passive Workflows do not require an End Node in order to function properly. However, it is recommended that you include it for flow readability.

  1. Drag the Nodes into the top-down heirachical structure displayed. Connect them together by making Node Connections.

Node Relationship Explanation: Applying Color to In-Scope GET Requests Workflow Example

The flow of the example Workflow provided above is described below:

On intercept request Node in example Passive Workflow.
  1. On intercept request - this Node "Triggers a workflow when a request passes through the proxy":
  • It's output is the request object itself.
  • This output is referenced by the Alias.Property syntax of $on_intercept_request.request.
In Scope Node in example Passive Workflow.
  1. In Scope - this Node "Checks if a request is in scope":
  • It takes the output of $on_intercept_request.request as the value of it's Request input property and checks if the Host of the request is included in any Scopes you have set in the current Caido Project.
  • This Node's output is $in_scope.result.
Flow of In Scope Node in example Passive Workflow.
  • If True (the request Host is in scope), then the flow will proceed to the Matches HTTPQL Node.
  • If False, the flow will proceed to the Passive End Node, ending the action flow against the request since it did not meet the set criteria of the Workflow.
Matches HTTPQL Node in example Passive Workflow.
  1. Matches HTTPQL - this Node "Matches a request/response against an HTTPQL query":
  • The query used in this Workflow example is req.method.eq:"GET".
  • It uses the output of $on_intercept_request.request from the On intercept request Node as the value of it's Request input property.
  • This Node's output is $matches_httpql.matches.
  • The query will check if the request method used is GET for all the requests that are in scope.
If/Else Node in example Passive Workflow.
  1. If/Else - this Node "Branches off based on a condition":
  • It uses the output of $matches_httpql.matches as the value of it's Condition input property (select the Use reference checkbox).
  • If the request satisfied the HTTPQL query (the request was an in scope GET request), the output of this Node evaluates to the Boolean value of True.
  • Else, if the request did not satisfy the HTTPQL query (the request was not in scope/used another method other than GET if it was in scope), the output of this Node evaluates to the Boolean value of False.
Flow of If/Else Node in example Passive Workflow.
  • If True then the flow will proceed to the Set Color Node.
  • If False, the flow will proceed to the Passive End Node, ending the action flow against the request since it did not meet the set criteria of the Workflow.
Set Color Node in example Passive Workflow.
  1. Set Color - this Node "Sets the row color of a request":
  • It will apply the color to the row within the HTTP History tab.
  • The Color input property takes the value of a color's Hex code.
  • This will be the color used to highlight any requests that have reached this Node within the Workflow by applying it to the request object produced by the output of the On intercept request Node of $on_intercept_request.request.
Passive End Node in example Passive Workflow.
  1. Passive End - this Node "Ends the passive workflow", bringing the workflow to a finished state.

In summary:

"If the Host of a proxied GET request is within a scope I have set, highlight the request in the HTTP History tab feed in navy blue. For all other requests, exit the Passive Workflow."

Results: : Applying Color to In-Scope GET Requests Workflow Example

Passive set color result.

INFO

The color Hex code used in this example: #185a6c