Language: English
10-12, 14:00–16:00 (America/New_York), Track 3 (205c)
Get ready to deep-dive into the inner workings of Caido with one of its creators from Workflows to Plugins without forgetting the GraphQL API. We will showcase many ways to customize Caido to your needs and build your own detections inside and outside the tool. Prepare your python and javascript setups, you will them!
The workshop is meant to cover the range of ways a user can customize Caido. It is mostly geared toward people that already use Caido and want to learn more about some of the advanced topics. It contains a lot of code (Python and Javascript).
The workshop is split in 3 sections. In each section we build the same sample "reflector" tool (checking for reflected parameters in responses), but in a different way each time.
- Architecture & Graphql: In this section we explain how to interact with the GraphQL API that is exposed by the proxy. We explain the logic we use to build our API and give tips/tricks on how to use it best. We also go over the client/server architecture since this is needed to understand how plugins run. We build a Python tool to interact with the API to build our "reflector".
- Frontend & Backend Plugins: In this section we explain how to use the frontend and backend SDK to build a plugin, how to package it and how to install it on your instance. All the coding of plugins is done in Javascript. We build a simple interface (frontend plugin) to interact with our "reflector" (backend plugin)
- Workflows: In this section we explain how to use the workflow system (nodes, execution flow, data flow, etc.). We showcase how to use workflows in other Caido tools like Replay and Automate. We also build a custom passive workflow for "reflector".
Emile was a freelance devops & backend developer for many years prior to starting Caido.
He always had a passion for security and working on Caido is the perfect combinaison of both!