In this video we're going to take a look at Caido, which is a new web proxy tool similar to Burp Suite. It's currently in the beta phase, so I just decided to install it the other day and see how it compares. There's obviously a lot less features and functionality than Burp, but it's written in Rust rather than Java, and the interface looks quite nice, as you can see on the screen in the screenshot. So let's go and take a look at it, see what's different, see how we can install it and how we can use the various functions within it, and see what the advantages and disadvantages are compared to Burp, bearing in mind that I'm not an expert in Burp myself. There's a lot of functionality that I don't use, there's a lot of apps and things which I'm unfamiliar with, so there might be a lot of things that I don't pick up on in terms of difference. And also, with it being a new tool, I don't expect the functionality to be anywhere near as extensive as Burp is, which has been, for a long time, probably the most popular web proxy for pen testers and bug hunters. With that out of the way, let's go and see how we can install it and then take a look.

So I've moved over to the dashboard. I had to log in in order to get to this page. I'm using the Community Edition, so this is free, just like Burp Suite. However, with Burp Suite you're able to just install the application, or just run the JAR file, and create a project and use it as a proxy, whereas with Caido you actually have to be logged in. So I tried to install this a couple of days ago, and whenever I did install it I just tried to use it as a proxy and just browse through websites, and it doesn't actually let you even browse unless you log in. So that's one kind of annoying thing which I found immediately. I don't think that's a great feature, but let's take a look anyway.

You've got various install options. I use the Linux desktop Debian, so there's various options here. I'm just going to wget that and then do sudo dpkg -i to install, well,
install it. It doesn't take long, and then we should be able to just run it with Caido, and there you go, you see that popped up. We've got this local instance set up, which is set to the localhost on port 8080. That's the same as Burp by default. So let's hit start, and you'll see host port is already in use. That's because I have Burp Suite running, so I'll close down Burp and let's try that again. Now it loads OK.

So you see it pops up here: you must be logged in to access the instance. So we have to log in. I'm actually already logged in, but it's not going to let me through, because I have FoxyProxy at the moment set to go through the proxy, and the proxy is currently not able to browse without being logged in. So let's disable the proxy, try to reload the page, and hopefully this will... All right, we've got to create an instance, so I'll just call this test. Allow. All right, there we go. So now that we're logged into the web server we can also use the proxy. You can see now it's going to come up with some help information telling us where you can create a project.

OK, another slightly annoying thing here actually, if I'm not mistaken. If I go back here and put the FoxyProxy back on to Burp, so all this is doing is saying we want to proxy all the data through 127.0.0.1 on port 8080. You can go and set this up manually in your Firefox options, but FoxyProxy makes it easy to swap between different ones, so if you're using dynamic port forwarding with SSH then you can easily swap between different ports. Anyway, set that to Burp, let's reload the page, and you'll see we've got a message here. I think this is because we need the certificate authority. So, similar to Burp, whenever you set up Burp you have to download this CA certificate. I'm going to do that here as well. It gives you some instructions on how to do it. Let me just save that to the desktop, and let us go into the Firefox options, into security, and down to view certificates, and then we need to import this as an authority, and
we obviously have to do this because the proxy is going to be intercepting our requests and our responses, which is essentially like a man-in-the-middle attack. If we're not the ones who are authorizing it, then you would want to see this kind of error.

With that, anyway, hopefully if I refresh the page again... now we get another message: proxy encountered an unhandled error, could not acquire a connection to the database, have you tried selecting a project first. So again, a bit confusing to me. In Burp Suite you can just, well, I guess you do have to kind of do an unsaved project, or you can load a project or create a new project, but I don't know, it seems like you have to do quite a lot of steps here just to be able to browse. So let's go and create a new project next. OK, new project, and again I'll just call this test. I'm not really sure, I guess if you were doing some bug hunting maybe you would put in the program name or something like that, and then you can separate your targets. Maybe you'll be doing CTFs on one of the projects and you'll be doing bug bounty on another. But if we do that anyway, reload the page again, and hopefully this time it goes through. That looks OK.

You can hopefully see, if we go to the site map, we have then the various domains, the various subdomains of Caido, and we can basically go through these in this tree-like structure. So my first thoughts here are the interface looks really nice. This looks a lot nicer than Burp Suite. It's written in Rust, and generally tools written in Rust seem to be quicker, well, I noticed particularly in comparing Rust to Python, but I don't know whether this is quicker than Burp Suite. I did notice a few times, whenever I was playing with it the other day, that sometimes whenever I was going from tab to tab it would actually freeze for like one or two seconds just to load the tab, and my PC fans were going pretty hard, which doesn't happen with Burp Suite, and I wasn't doing anything, you know, resource
intensive.

But you can also change the layout here as well. I like this in a sense. I kind of just hoped that there would be little bars here just to drag the options. Anyway, there isn't. You have to go into this edit layout mode, and then you can resize and then you can move them across, but this actually means you don't have that much granularity, because look, if I try to move this to here, you can probably see the gap between that. I can either have it like this or I can have it like this. That's as much control as you have. And it also means that if you are trying to resize things it's quite hard to get things to be a uniform size. Now if I take this one here, that doesn't look too bad. I think this one on the left is a little bit bigger than the one on the right, again just a little bit. I like the idea, but I just don't know if it's working as well as it could be. But anyway, we just click that again and that takes us back to the main page.

Let me go to the Intigriti January challenge. So this is a web challenge. There's a challenge every month and you can win some swag vouchers for your write-ups and submissions. The video solution for this will be up by the time that this Caido video is up, so there's no worries in me spoiling it in here, although I won't go through the full challenge. Let me open this in a new tab. Now if we go back to Caido we can have a look at our site map again. We've got the intigriti.io, we can go down into our challenge, and again we've got a request here, we've got a response on the right. I really like the colors, I really like the fonts, they all look really nice. Similar to Burp Suite, we can right click here and go right click, Send to, and we can send it to the replay, which is like the Repeater, or automate, which is like the Intruder, and we can copy the URL. That's the only thing we can do there. We've got very little options really. I think we can't even right click on the
response, so there's a lot of things that you can do in Burp which clearly aren't going to be possible yet in Caido, so it's worth bearing in mind.

We've got a forward tab here as well. You see it says we don't have any requests queued up, so at the moment this is just forwarding all requests, but if I click on that it'll change that to queuing, and now if we refresh the page this is basically queued, and if I try to refresh another page this is added to the queue as well. Now this is one thing I like, because in the Intercept tab on Burp, whenever you set requests to intercept, they are intercepted one by one and you process them in the queue, whereas in this case it actually queues them up and you can just go and say I want to forward that second request that I intercepted and not do anything with the first request, which as far as I'm aware isn't possible in Burp, or at least doesn't seem to be this easy. So again we can drop requests, we can forward them, we can go and modify the requests and then forward. I'm just going to drop those. We can right click and we can format it as JSON. Let's do that. OK, there was no data in there. I guess for POST requests it'll do that. We can again right click, we can send it to replay. Let me do that actually with this friend search one. So that goes through. Again we can right click it, we can send to replay. I'm going to turn off the queuing so they all just go through.

We've got the intercept as well, which has all of our requests in there. We can just browse through our request history. We can again right click, Send to, if we want to. Let's go into replay, and here, one thing that's new as well, we have this collections option, so we can create new collections and we can basically group together requests. I guess it'll be good if you're working on multiple targets at once. And similar options here then: we can just go and modify this, we can hit send, so we can send that, we could go and add in some headers or change some headers and send again, and
based on our input we just have a look and see, does the response look any different. Again, not many options here on the response. I can't even right click on the window, so it's just basically a case of repeating the requests.

Similarly we can go through to automate. Actually, let's go and do it with an actual useful request. Like we've got this search here, so I'm just going to search for test, and you can see here undefined has undefined friends. So we'll go back to our site map, or we can go to our intercept tab as well, take this one, and we'll send that to automate. Let's go to the automate tab. Again we've got sessions in here, looks quite similar to the collections, and we can go and set something here. So say we wanted to try and brute force this name. We can click Mark, very similar to Burp. It's basically just allowing us to select the various options we want to brute force. We can select an attack strategy. It names the attacks differently here, which means that it's quite hard to invert. Whenever you select one of these it'll actually tell you how the attack works, but they have different ones, like Pitchfork and, I'm forgetting them now, but you have like four different ones in Burp as well. And then you can select your payload. In this case we've only got one payload, but if we had more we'd be able to select multiple, and then give it a simple list or a hosted file or null. So very limited options here at the moment.

Let's say simple list, and we can load this in. There's no options for payload processing. Burp has a lot of functionality in terms of matching content in responses, in terms of replacing and reformatting things, so you can do a lot of stuff in Burp which isn't going to be possible here. But let's try, and it looks like we can only load here as well, so you can't paste anything in. It looks like you'll need to create a text file with some entries in it and then load that in here as well. So let's do that as an example. I'm going to open up Sublime and we'll just call this
users.txt. Let's put in here admin and root, administrator, your usual, the first things that you'll try. Save that, and we'll try to load this users.txt. Loaded. You can remove elements one by one as well. And let's hit start, and there you go, it runs through the three requests. We can select each one and we can have a look and see what the response is. They came back with nothing in these cases. Maybe we should have created a user to give it an example as well. Let's go to login here, let's create a user called crypto. That just logs us in. And then let me add the user crypto. We'll load that into Caido again. I'm not sure how I do that. Let me close that. Yeah, OK, so just close that tab, and let's remove those, because I think it would have duplicated some if I just loaded that again. And we'll hit start. This time it runs through the four of them, and crypto comes back with this username crypto friends92, so you can see the difference in the responses there.

OK, let's take a look at the tamper. Oh, the tamper is set up to match and replace, so this is a functionality which is in Burp as well. I didn't really look at this one too much the other day. Let's take a look at the documentation for tamper. Notice that even the documentation, I had a look at this automate tab the other day and it's a work in progress, there's actually nothing in automate for now. But if we have a look at tamper, we can create rules here to basically replace stuff, so for example headers, things in the request body, request first line, etc. So if you wanted to change your user agent, for example, on all requests, you could basically set up a rule in here to say that in the user agent each time you want to replace the Mozilla 5.0 with, I don't know, Intigriti tests. Sometimes, if you're doing a bug bounty program, the programs will want you to use a specific header to indicate that you're a security researcher, as well as specific usernames and things like that, so sometimes you might actually
put in your user agent Intigriti if you're hacking on an Intigriti program. So again, similar to some of the functionality in Burp, it's going to be nowhere near as fine grained, so you're not able to do as much with it, but that's the option we have here. We can also create collections to group these rules together.

We've got a converter, quite limited at the moment. We've got this base64, URL, HTML, and you can select multiple as well, so we can add base64 and URL, and then if we put something in here, test, you can see that it's base64 encoded it and then URL encoded it, which has turned these equals into the %3D. Presumably they'll add a lot more here. I know that Burp has a lot of formatting options and it has extensions like Hackvertor which can deal with a lot of different formats and chaining as well.

We've got history, which I think is just like the intercept tab, but if the intercept tab, if we want to clear these, in fact I don't actually see how we clear them. I think, oh, Control and A selects everything. I don't like that. OK, I think they need an option here to right click and clear the window, which I don't see. Yeah, there's not even an option to delete. OK, so I'm not really sure what the difference is between intercept and history. I thought maybe intercept would be the history but you'd be able to clear it whenever it gets too full, and then the history would just be like a logger which keeps all of those requests regardless, but maybe they've just not added that functionality up.

And then we've got the scope, so we can actually go and set up a scope here. We can create a preset, we can say what the domain names are that are in scope, and we can also do out of scope as well. And what I do like here, which I haven't seen on Burp, is that once you've set up the scope you can basically set up different presets and you could quickly swap between them. So if you're hacking on multiple targets at once, say multiple bug bounty programs, or a bug bounty program and a
CTF, then you could go and just quickly swap between those scopes and it'll update all of these URLs based on what's in scope.

Some other options that we have then at the bottom: we've got this files option where we can drag and drop files. I don't think you can actually do much with this at the moment. It says that files you upload here will be available for use in pages such as automate. I think that's the only place they're usable. Let's try and add the users.txt. So you can load that, and then whenever we go into automate, if we're doing that brute force, we can select that now as a hosted file and see there users.txt. We've also got the projects, we can set up multiple projects. We've got some settings, I don't think there's too much in here. GraphQL playground, OK, we can write queries and mutations here, that's interesting. We also have feedback. OK, so that's it, and then we can collapse the menu, and I think that's about it at the moment.

There is a road map if you go on to the documentation. I'm not seeing it right now. Is it over here? I guess maybe you just need to go to the GitHub and you'll see that they have then the list of features that they're working on for the next release, so you can go and keep an eye on that, I guess make suggestions in terms of what you'd like to see added. But for now that seems to be most of the functionality.

My main complaints are that you have to log in, you have to create a project in order to even intercept traffic, the edit layout is nice but I think it could be better, looks like you can't actually use it on this page either, and although it feels quite smooth going through this at the moment, there were times the other day when I was using it where it just took a long time to even click between tabs. So maybe that was just me, maybe it seems to be working OK now. People can maybe let me know how they get on with it and if they experience any of these problems. But the interface is really nice. I really like all the colors, the fonts, everything looks a
lot nicer than Burp. Obviously it's missing a lot of functionality, being a beta program.

Some of the other advantages as well: there's no rate limit at the moment on the automator. If you're not using Burp Pro, which is quite expensive if you're a student or an independent researcher, then the requests are severely limited. I think it's after you get to 100 requests on Burp Intruder they start to like exponentially get limited. That doesn't happen at the moment in Caido. I guess it probably will happen in future once the software is not in the beta stage, but that's something which is cool. Also this scope option, I really like that. It'd be cool for Burp, for PortSwigger, to take note of some of these features and maybe look at introducing them into Burp Suite. And apart from that, I also really liked how it queued the requests. If you remember, whenever we set this to queue, it'll queue all the requests here, so you don't have to deal with them one by one. You can actually go and select which one you want to forward, drop or edit.

Anyway, I think that's about it. That's my initial impressions of Caido. If I missed any cool functionality then let us know in the comments, or if there's any major disadvantages to using Caido compared to Burp Suite or vice versa, I'll be interested to hear from you. And any general questions or comments, leave them down below. Thanks.