Skip to content

Releases: c0tton-fluff/caido-mcp-server

v1.3.0

19 Mar 15:59
@c0tton-fluff c0tton-fluff
v1.3.0
7f33102

Choose a tag to compare

View all tags
v1.3.0 Latest
Latest

Monorepo restructure + shared packages

Changed

  • Merged CLI into main Go module (cmd/cli/) -- single go.mod, no more Caido-CLI/ directory
  • MCP server moved to cmd/mcp/
  • Extracted shared packages: internal/httputil (HTTP parsing, URL building, CRLF), internal/replay (session management, polling)
  • HTTP header parsing now preserves duplicate headers (e.g. multiple Set-Cookie)
  • Version injected via ldflags instead of hardcoded constant

Fixed

  • Atomic token file writes (temp + rename) to prevent corruption
  • URL scheme validation in openBrowser before passing to OS command
  • Default limit for caido_list_requests aligned to 20 (was 10, docs said 20)
  • Default limit for caido_list_findings aligned to 50 (was 10, docs said 50)

Build

  • go build ./cmd/mcp for MCP server
  • go build ./cmd/cli for CLI
  • Cross-compile: scripts/build.sh v1.3.0
Assets 10
Loading

v1.2.0

12 Mar 19:24
@c0tton-fluff c0tton-fluff
v1.2.0
8c9d881

Choose a tag to compare

View all tags
v1.2.0

What's new

Caido CLI

Standalone terminal client for Caido proxy -- no MCP required.

Commands: send, raw, history, request, encode/decode, status

Install:

curl -fsSL https://raw.githubusercontent.com/c0tton-fluff/caido-mcp-server/main/install.sh | TOOL=cli bash

Other

  • Cross-compile build script (scripts/build.sh)
  • Install script now supports both MCP server and CLI
  • Pre-built binaries for darwin/linux (amd64 + arm64)
Loading

v1.1.1

10 Mar 20:04
@c0tton-fluff c0tton-fluff
v1.1.1
c72daef

Choose a tag to compare

View all tags
v1.1.1

Fix malformed ws/wss URL error during authentication

Loading

v1.1.0

07 Mar 07:51
@c0tton-fluff c0tton-fluff
v1.1.0
c426aab

Choose a tag to compare

View all tags
v1.1.0

What's New

  • send_request returns response inline (status code, headers, body) - no extra tool calls needed
  • Response body polling with 10s timeout and fallback to get_replay_entry
  • get_replay_entry now supports bodyLimit and bodyOffset parameters
  • Token auto-refresh mid-session via callback (no more expired token failures)
  • Replay session reuse - single session per server lifetime with automatic fallback
  • IPv6 host support ([::1]:8080)

Changed

  • send_request output now includes requestId, entryId, statusCode, roundtripMs, parsed request/response
  • get_replay_entry defaults to 2KB body limit (matching get_request)
  • ParsedHTTPMessage and parseHTTPMessage extracted to shared http_utils.go

Removed

  • Unused urlEncode function from send_request
  • Unused RequestSummary struct from types
  • TaskID field from send_request output (not useful to LLM callers)

Full changelog: v1.0.0...v1.1.0

Loading

v1.0.0

30 Jan 06:56
@c0tton-fluff c0tton-fluff
v1.0.0
9a76e80

Choose a tag to compare

View all tags
v1.0.0

Caido MCP Server

  • MCP (Model Context Protocol) server for integrating Caido with AI assistants like Claude Code.

Tools (14 total)

  • Proxy: list/get requests with HTTPQL filtering
  • Replay: send requests, manage sessions
  • Automate: access fuzzing results
  • Findings: create/list security findings
  • Sitemap: browse endpoints
  • Scopes: manage targets

Setup

  1. Download binary for your platform
  2. Run CAIDO_URL=http://localhost:8080 ./caido-mcp-server login
  3. Add to MCP config (see README)

Requirements

  • Caido instance

  • Go 1.21+ (if building from source)

  • See README for full documentation.

Loading