There has been some buzz around Caido recently as a contender for the Burp Suite crown. Brackish Security testers recently sat down and tried Caido out on some real pentests. Our findings follow.
Keep in mind that Caido is still fairly new, while Burp has been in development and use for a very long time. Additionally, each tester spent less than two hours with Caido, which may have limited their experience with it.
Caido Pros
- Modern look – Brackish testers preferred Caido’s more modern look and color coding of requests and responses.
- Pricing – At $10/month, once Caido reaches feature parity with Burp, it will be the obvious choice.
- Project Management – Project management in Caido seems to be better than in Burp.
- Remote Instances – Caido can be hosted on a remote machine and used from a lower-resource device. We all know Burp is resource intensive.
Caido Cons
- Lack of Features – Caido is still new, and it lacks the features of Burp. To be clear, it lacks a lot of features: at the time of our testing there were no plugins, no active scans, etc.
- Click to Adjust – Testers did not like the click-to-adjust behavior of the panels within the application.
- No Built-in Browser – Some people don't consider this a con, but a built-in browser can be very helpful.
- Slowness – Despite Caido being written in Rust, a couple of testers felt that it was a bit slower than Burp, but this could have just been their machines or environments.
Verdict
Despite Caido being new and lacking the features that make Burp stand out, it does seem promising and could very well take over and become the king of offsec proxies. Caido has a long way to go to reach feature parity with Burp, but the price difference compensates somewhat. On the other hand, Burp has the whole PortSwigger Web Security Academy training content behind it, and that's a lot of good material for the new folks.
Keep an eye on Caido, and maybe try it out to see what all the fuss is about. It's always good to keep more tools in your chest! And bookmark this post, because we will update it as we use Caido some more.