Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Caido MCP Server scan testphp.vulnweb.com for XSS and SQL injection vulnerabilities"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Caido MCP Server
A Model Context Protocol (MCP) server that acts as a bridge to Caido, allowing AI Agents (like Claude, LangChain, etc.) to perform automated security testing and analysis.
Capabilities
This server connects to your local Caido instance (default port 8080) and exposes tools to:
View Request History: Analyze traffic captured by Caido proxy.
Send Requests: Forge and send HTTP requests via Caido's engine.
Scan for Mitigation: Run basic automated XSS/SQLi checks.
Get Findings: Retrieve reported vulnerabilities.
See MCP_CAPABILITIES.md for a detailed power list.
Setup
Prerequisites:
Node.js installed.
Caido running (usually on port 8080).
Caido API Token (Settings -> API).
Installation:
git clone https://github.com/FazcomIA/mcp-caido.git
cd mcp-caido
npm install
Configuration: Create a .env file in the root:
CAIDO_URL=http://127.0.0.1:8080/graphql
CAIDO_API_TOKEN=your_token_here
MCP_PORT=3000
MCP_API_KEY=mcp-dev-key
Usage
Start the server:
node server.js
Connect an AI Agent
The MCP server listens on http://localhost:3000/mcp/call.
Required Header: X-API-Key: mcp-dev-key
Example Curl:
curl -X POST http://localhost:3000/mcp/call \
-H "Content-Type: application/json" \
-H "X-API-Key: mcp-dev-key" \
-d '{"tool": "getStatus", "params": {}}'
Security
API Key: Protected by MCP_API_KEY.
Local Only: By default, runs locally. Be careful if exposing to a network.
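A pre-start check for the .env values shown in the Setup section, as an added example that is not part of the mcp-caido project. The function names, the 32-character minimum and the sample text are assumptions made for illustration.

```javascript
// Added example: audits the .env keys named in this README before `node server.js` is run.
// parseEnv, auditEnv and SAMPLE are hypothetical names, not part of mcp-caido.
const LOOPBACK = new Set(["127.0.0.1", "localhost", "[::1]"]);

// Minimal KEY=VALUE parser: skips blank lines and # comments, strips optional quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (!line || line.startsWith("#") || eq < 1) continue;
    const value = line.slice(eq + 1).trim().replace(/^(["'])(.*)\1$/, "$2");
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}

// Returns a list of findings; an empty list means no issue was detected.
function auditEnv(env) {
  const issues = [];
  const key = env.MCP_API_KEY || "";
  // Assumption: 32 characters is used here as a minimum length for a random key.
  if (key === "mcp-dev-key") issues.push("MCP_API_KEY is the README sample value");
  else if (key.length < 32) issues.push("MCP_API_KEY is shorter than 32 characters");
  const token = env.CAIDO_API_TOKEN || "";
  if (!token || token === "your_token_here") issues.push("CAIDO_API_TOKEN is unset or a placeholder");
  try {
    const url = new URL(env.CAIDO_URL || "");
    if (!LOOPBACK.has(url.hostname) && url.protocol !== "https:")
      issues.push("CAIDO_URL is a non-loopback plain-HTTP endpoint");
  } catch {
    issues.push("CAIDO_URL is missing or not a valid URL");
  }
  const port = Number(env.MCP_PORT);
  if (!Number.isInteger(port) || port < 1 || port > 65535) issues.push("MCP_PORT is not a valid TCP port");
  return issues;
}

// Constructed sample: the .env from the Setup section, unchanged.
const SAMPLE = `CAIDO_URL=http://127.0.0.1:8080/graphql
CAIDO_API_TOKEN=your_token_here
MCP_PORT=3000
MCP_API_KEY=mcp-dev-key`;

console.log(auditEnv(parseEnv(SAMPLE)));
```

A replacement key can be generated with Node's built-in `crypto.randomBytes(32).toString("hex")`.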