Caido v0.48.1 released, now including guest sessions

UPDATE

Short after, version 0.48.1 has been released.

This is a patch release to fix an issue where the app would display an available update when you’re at the latest version. This release also includes other bug fixes and improvements.

See the complete changelog here.

Original news:

Caido, a growing alternative to Burp Suite or OWASP Zap written completly in Rust, has just released their latest version (0.48.0).

This release brings highly requested features such as automatic updates, guest mode, and WebSocket interception, along with many quality-of-life improvements.

Guest Mode

Users can now access Caido without an account by using guest mode. Guest sessions are limited to temporary projects and allow only one installed plugin.

Automatic Updates

Desktop users on macOS, Windows, and Linux (experimental for .AppImage and .deb) will now be notified when an update is available. Click once to download in the background, then again to install the update.

WebSocket Interception

You can now intercept and edit WebSocket messages directly from the Intercept page, just like with HTTP requests.

Additional Features

Sitemap keyboard navigation: Adds keyboard support for navigating the sitemap.
Allow delete of node in sitemap: Users can now delete nodes directly from the sitemap.
Clear sitemap items: Adds an option to clear the entire sitemap.
Intercept websocket: Introduces the ability to capture and modify WebSocket traffic.
Highlight matching brackets in editors: Improves code editing experience by visually matching brackets.
Persist headers when following redirect: Ensures HTTP headers are maintained across follow-redirects.
Add unlimited/max timeout in shell node: Increased the max execution time of shell nodes to 24h
Copy multiple URLs on select: Users can now copy multiple request URLs at once.
Close Others, Close right, Close Left when Right-Clicking on Replay Tabs: Provides enhanced tab management options with right-click actions.
Replay Tab Search Box Indexing: Searching in the replay collections will also match the request path/method/host/sni
Temporary Workspace: Lets users spin up disposable projects.
Navigate to Websocket Stream: Enables quick navigation to related WebSocket streams from a request.
Support Zero-Padded Numbers as a Payload Type: Adds support for zero-padded numbers in automate payloads.
Allowlist of domains that can access the Caido API: Adds a security feature to restrict API access to trusted domains.

Bug Fixes

Highlight issue in pretty: Fixes incorrect highlights in the prettified request/response editors.
Filter Presets Are Reset to the Off State When the Window Reloads: Resolves an issue where filter presets are not preserved on page reload.
History table shows "Loading..." when deleting entries and scrolling to the bottom: Fixes a bug where the table gets stuck in a loading state during entry deletion.
Commands executed with the WSL shell don't receive environment variables: Ensures environment variables are correctly passed to the shell workflow node when using WSL.

Plugin SDK

Backend SDK
Define ToString on Several Types: Improves developer experience by implementing .toString() on multiple internal types.
Allow SDK env to set variable of any environment: You can now update variables assigned to any environment.

Frontend SDK
Register codemirror extensions to HTTP history request editor: Adds support for extending the request editor using custom codemirror extensions.

The complete changelog can be seen here.

• News
• Tools