Caido MCP Server

A Model Context Protocol (MCP) server that acts as a bridge to Caido, allowing AI Agents (like Claude, LangChain, etc.) to perform automated security testing and analysis.

🚀 Capabilities

This server connects to your local Caido instance (default port 8080) and exposes tools to:

View Request History: Analyze traffic captured by Caido proxy.
Send Requests: Forge and send HTTP requests via Caido's engine.
Scan for Mitigation: Run basic automated XSS/SQLi checks.
Get Findings: Retrieve reported vulnerabilities.

See MCP_CAPABILITIES.md for a detailed power list.

🛠️ Setup

Prerequisites:
- Node.js installed.
- Caido running (usually on port 8080).
- Caido API Token (Settings -> API).

Installation:

git clone https://github.com/FazcomIA/mcp-caido.git
cd mcp-caido
npm install

Configuration: Create a .env file in the root:

CAIDO_URL=http://127.0.0.1:8080/graphql
CAIDO_API_TOKEN=your_token_here
MCP_PORT=3000
MCP_API_KEY=mcp-dev-key

🏃 Usage

Start the server:

node server.js

Connect an AI Agent

The MCP server listens on http://localhost:3000/mcp/call. Required Header: X-API-Key: mcp-dev-key

Example Curl:

curl -X POST http://localhost:3000/mcp/call \
  -H "Content-Type: application/json" \
  -H "X-API-Key: mcp-dev-key" \
  -d '{"tool": "getStatus", "params": {}}'

🔒 Security

API Key: Protected by MCP_API_KEY.
Local Only: By default, runs locally. Be careful if exposing to a network.