lambdasawa/caido-mcp-server

caido-mcp-server

A Model Context Protocol (MCP) server that provides access to Caido proxy history. This allows LLM-based tools like Claude Code to browse and analyze HTTP requests captured by Caido.

Features

  • List requests with HTTPQL filtering
  • Get request details with field selection (metadata, headers, body)
  • Batch requests to fetch multiple requests at once
  • Body pagination with offset/limit for large responses
  • OAuth authentication with automatic token refresh

Installation

go install github.com/lambdasawa/caido-mcp-server@latest

Or build from source:

git clone https://github.com/lambdasawa/caido-mcp-server.git
cd caido-mcp-server
go build -o caido-mcp-server .

Usage

1. Install

go install github.com/lambdasawa/caido-mcp-server@latest

2. Authenticate with Caido

env CAIDO_URL=http://localhost:8080 caido-mcp-server login

This will:

  1. Open a browser to the Caido authentication page
  2. Wait for you to complete authentication
  3. Save the token to ~/.caido-mcp/token.json

3. Configure MCP Client

Add to your .mcp.json:

{
  "mcpServers": {
    "caido": {
      "command": "/path/to/caido-mcp-server",
      "args": ["serve"],
      "env": {
        "CAIDO_URL": "http://localhost:8080"
      }
    }
  }
}
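
A check for the configuration above, added here as an example and not part of the project's code: it reads .mcp.json content and flags any CAIDO_URL that is neither https nor a loopback address, since proxy history would then cross the network unencrypted. It assumes the token saved by login is presented to whatever host CAIDO_URL names; the function name auditCaidoURL and the sample address are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"net/url"
	"sort"
	"strings"
)

// auditCaidoURL (hypothetical helper) returns sorted findings for .mcp.json
// entries whose CAIDO_URL is invalid, or is neither https nor loopback.
func auditCaidoURL(raw []byte) ([]string, error) {
	var cfg struct {
		MCPServers map[string]struct {
			Env map[string]string `json:"env"`
		} `json:"mcpServers"`
	}
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("parse .mcp.json: %w", err)
	}
	var findings []string
	for name, srv := range cfg.MCPServers {
		v, ok := srv.Env["CAIDO_URL"]
		if !ok {
			continue // entry for some other MCP server
		}
		u, err := url.Parse(v)
		if err != nil || u.Hostname() == "" {
			findings = append(findings, name+": CAIDO_URL is not an absolute URL")
			continue
		}
		host := u.Hostname() // strips the port and IPv6 brackets
		ip := net.ParseIP(host)
		loopback := strings.EqualFold(host, "localhost") || (ip != nil && ip.IsLoopback())
		if u.Scheme != "https" && !loopback {
			findings = append(findings, name+": "+u.Scheme+"://"+u.Host+" is not https and not loopback")
		}
	}
	sort.Strings(findings)
	return findings, nil
}

func main() {
	// Constructed sample: the config above pointed at a remote host over http.
	sample := []byte(`{"mcpServers":{"caido":{"env":{"CAIDO_URL":"http://192.0.2.10:8080"}}}}`)
	fmt.Println(auditCaidoURL(sample))
}
```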

4. Use with Claude Code

Once configured, you can ask Claude Code to analyze your proxy history:

  • "Find API responses containing PII (names, emails, addresses) that shouldn't be exposed to this user role"
  • "Compare responses between user A and user B to identify access control inconsistencies"
  • "Trace where this session token or object ID was first issued and how it flows through subsequent requests"

MCP Tools

caido_list_requests

List proxied HTTP requests with optional HTTPQL filtering.

Parameters:

| Name | Type | Description |
| --- | --- | --- |
| httpql | string | HTTPQL filter query |
| limit | int | Max requests to return (default 20, max 100) |
| after | string | Cursor for pagination |

Example:

{
  "httpql": "req.host.eq:\"api.example.com\" AND req.method.eq:\"POST\"",
  "limit": 10
}

caido_get_request

Get detailed information about HTTP request(s).

Parameters:

| Name | Type | Description |
| --- | --- | --- |
| ids | string[] | Request IDs to retrieve (required) |
| include | string[] | Fields to include (see below) |
| bodyOffset | int | Byte offset for body content |
| bodyLimit | int | Byte limit for body content |

Include options:

  • metadata - id, method, host, port, path, statusCode, roundtripMs, createdAt, isTls
  • requestHeaders - parsed request headers
  • requestBody - request body content
  • responseHeaders - parsed response headers
  • responseBody - response body content

Example:

{
  "ids": ["1", "2", "3"],
  "include": ["metadata", "responseHeaders"],
  "bodyLimit": 1000
}

Environment Variables

| Variable | Description |
| --- | --- |
| CAIDO_URL | Caido instance URL (e.g., http://localhost:8080) |

License

MIT
