Year in Review 2025

Andrew Pratt

January 1, 2026

In early 2025, we asked for community feedback in order to prioritize the implementation of the key functionality and improvements most important to you.

Thanks to your engagement, insight, and ongoing support, Caido is now more capable than ever.


Highlights

10 Major Releases

+29 Plugins (including: Scanner, Autorize, and GraphQL Analyzer)

Additional Learning Resources

+36,000 New Users

AI Integration


Releases: v0.45.0 - v0.54.0

Across 10 major releases, we added core functionality, refined existing functionality, optimized performance, implemented quality-of-life features, and addressed bug reports.

What's new?

In total, we addressed 277 features and bug fixes last year, including:

  • HTTPQL for Intercept: Filter out the noise to find specific requests and responses.
  • Invisible Proxying Support & DNS Overrides: View, capture, and modify traffic generated by clients without native proxy configuration settings.
  • Guest Mode: Caido can now be used without an account.
  • WebSocket Support: View, capture, and modify WebSocket traffic.
  • Match & Replace Redesign: Quickly update, remove, or add query parameters and request/response headers with selective targeting.
  • Workflow Testing: Test workflows directly from the UI to ensure they achieve the intended result.
  • Jump to Row: Return to the selected row in the traffic tables to resume your assessment.
  • HTTPQL History and Saves: Select from recently used filter statements or save them explicitly.
  • Improved Findings: Write descriptions in greater detail with Markdown support and export custom findings either individually or in bulk.
  • Replay History: View a list of each request in a Replay session or search for a specific one in a new drop-down menu.

View the changelog for additional details (SDK updates, developer features, bug fixes, improvements, etc.).

Plugins

A total of 42 plugins are now available, with 29 added last year alone.

Some of the most popular new plugins of 2025, by installation count, are:

| Plugin | Description |
|---|---|
| Scanner | Automatically detect vulnerabilities with Caido’s official, template-based vulnerability detection engine. |
| ParamFinder | Discover hidden parameters in request queries, bodies, and headers. |
| JWT Analyzer | Detect and assess JSON Web Tokens for security issues. |
| Workflows Store | Browse and install a variety of community-submitted and official workflows from a central repository to automate assessment tasks. |
| Autorize | Automatically identify authorization/access control vulnerabilities as you interact with a target with this official Caido plugin. |
| Squash | Minimize HTTP requests through the iterative removal of non-essential data. |
| Data Grep | Search for, match, and extract data from requests and responses with predefined or custom regular expressions. |
| Exploit Generator | Automatically generate proof-of-concept scripts in a variety of languages and frameworks. |
| GraphQL-Analyzer | Automatically discover schemas, visualize relationships, and assess security risks with an integrated GraphQL testing suite. |
| JXScout | Forward proxied requests to jxscout for JavaScript vulnerability analysis. |
| Drop | Securely share requests, scopes, filters, and more with collaborators with a single click. |
| YesWeCaido | View the details of both public and private programs available to you on the YesWeHack platform. |
| Compare | Detect differences and similarities between requests, responses, and files in a side-by-side comparison with visual highlighting. |

Additional Learning Resources

To help users become familiar with Caido, we have made numerous revisions to our existing resources and have introduced additional material.

Our documentation has been restructured to make it easier to install, configure and use Caido:

  • Get Started: Provides installation and configuration instructions, as well as an overview of Caido's features.
  • Guides: Addresses common tasks with step-by-step instructions.
  • Tutorials: Features hands-on learning experiences that teach you how to use Caido through practical examples.
  • Reference: Provides detailed technical information on Caido's features and capabilities.
  • Concepts: Explains key principles to help you understand how Caido operates.

For those who learn best visually, we have uploaded several videos that demonstrate Caido in action in our Mastering Caido series.

In October, we launched our very own collection of labs and have partnered with the HackingHub platform to make them accessible to anyone interested in web security.

Certain labs already have accompanying tutorials and we plan to write tutorials for the rest in the near future.

Localized Pricing

This year, the Caido community doubled in size, and we're excited to see users around the globe using Caido to assist in digital security.

To make Caido more accessible to users regardless of location, we've begun adjusting subscription costs based on purchasing power parity relative to US pricing.

This pricing model is currently available to our users in Brazil and India, resulting in approximate price reductions of 50% and 65%, respectively.

We plan to expand this approach to reflect economic conditions for users worldwide.

Shift

In July, we acquired the Shift plugin.

Shift integrates agentic AI models directly within Caido. With access to a variety of tools, these context-aware agents can carry out tasks in your security assessments while you investigate other leads.

By submitting prompts written in natural language, you can instruct Shift to:

  • Generate wordlists.
  • Brute force values and monitor response changes.
  • Modify requests and responses.
  • Create match and replace rules against selected text.
  • Find similar requests.
  • And more!

Since the acquisition, we have implemented support for external LLM providers. You can now use your own API keys to select a model that best suits your immediate needs.

View the tutorial on how to operate Shift for additional details.

Team

To better address the needs of both new and existing users, we added five new members to the Caido team in 2025:

  • +1 support and quality assurance officer: Kodai Kubono (@Kodaichodai)
  • +1 documentation author: Andrew Pratt (@Ninjeeter)
  • +2 plugin developers: Łukasz Tlałka (@bebiks) & Amr Elsagaei (@amrelsagaei)
  • +1 frontend developer: Dorian Gauron (@michel_le_dev)

Partnerships

At the beginning of the year, we were excited to announce our partnership with ParrotOS. You can now use Caido in the Pwnbox environment on the Hack The Box platform.

Caido is now also native to Athena OS and Exegol, and is included in the rolling distribution of Kali Linux.

2026: Our Goals for This Year

In 2026, our focus is on completing the remaining core features users have consistently asked for and continuing to improve overall stability.

Planned work includes:

  • Parallel request sending and race condition testing
  • HTTP/2 support
  • WebSocket replay
  • Crawler functionality

Alongside these additions, we’ll be prioritizing stabilization to address our most impactful bugs and improve day-to-day reliability.
