Caido Exploit Generator Plugin
tl;dr: A quick multi-language Proof-of-Concept exploit script generator plugin for Caido.
Transform intercepted requests into ready-to-use exploit scripts instantly! This powerful plugin streamlines the penetration testing workflow by automatically generating clean, executable proof-of-concept (PoC) code in multiple languages and frameworks.
🚀 Key Features
- Multi-language Support: Generate exploits in Python, JavaScript and Bash/cURL (more languages coming soon!)
- Instant Generation: Convert any intercepted or edited request into working exploit code
- Clean Code Output: Get properly formatted, production-ready scripts
- Framework Integration: Uses popular frameworks like Requests, fetch etc.
- Smart Request Parsing: Automatically handles headers, parameters, and content types
Perfect for security researchers, penetration testers, and bug bounty hunters who want to quickly validate and demonstrate vulnerabilities. Save time on exploit development and focus on what matters - finding security issues!
💡 Feature Requests
If you have a language or framework you would like added, please open a feature request.
The intention with this plugin is to make it as simple as possible to add more languages and frameworks via user-defined templates.
🛠️ Usage
- Install the plugin from Caido's plugin store, or download the zip from the releases page and install it in Caido
- Right-click on a request in Caido
- Select the Exploit Generator
- Choose your desired payload type from the dropdown
- The plugin will automatically generate the appropriate proof of concept code
📸 Screenshots
- Trigger: The context menu is shown when right-clicking on any request or on an item in history:

- Generate: Use the exploit generator to create and modify your PoC:

- Use: Copy or download the generated exploit.

📜 Output Example
See below for some examples of the generated exploit scripts from a request:
Python / Requests
```python
import requests

url = 'https://stealthcopter.com/testing/endpoint'

headers = {
    'Cookie': 'secret=155ee356-23a6-11f0-af46-678665dcd42c',
    'X-Forwarded-For': '127.0.0.1'
}

data = {
    'action': 'delete',
    'csrf': '7e5dbebc12',
    'file': '/etc/passwd'
}

r = requests.post(url, headers=headers, data=data)
print(r.status_code)
print(r.text)
```
JavaScript / Fetch
```javascript
const url = 'https://stealthcopter.com/json/store/v1/checkout?_locale=en'

let body = JSON.stringify({
  "billing_address": {
    "first_name": "Test",
    "last_name": "Testerton",
    "company": "",
    "address_1": "123 Addressington Lane",
    "address_2": "Testington upon Twine",
    "city": "Biscuiton",
    "state": "CA",
    "postcode": "14125",
    "country": "US",
    "email": "hello@stealthcopter.com",
    "phone": "123456789"
  },
  "create_account": false,
  "account_no": 2857915,
  "customer_password": null,
  "payment_data": [
    {
      "key": "new-payment-method",
      "value": false
    }
  ]
})

const options = {
  method: 'POST',
  headers: {
    'Content-Type':'application/json',
    'Cookie': 'PHPSESSID=vmnuns3bgtvf69nbs7ne4vjt9o;',
  },
  body: body,
}

try {
  const response = await fetch(url, options)
  console.log('Status:', response.status)
  const responseBody = await response.text()
  console.log('Response:', responseBody)
} catch (error) {
  console.error('Error:', error)
}
```
Bash / Curl
```bash
curl -X POST \
  -H 'Cookie:secret=155ee356-23a6-11f0-af46-678665dcd42c' \
  -H 'X-Forwarded-For:127.0.0.1' \
  -d 'action=delete' \
  -d 'csrf=7e5dbebc12' \
  -d 'file=/etc/passwd' \
  'https://stealthcopter.com/testing/endpoint'
```
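The following added example (not the plugin's own code) sketches the request-to-script step for the Bash / Curl target in JavaScript: it parses raw request text and emits a curl command with every value shell-quoted, so a quote character in a captured header or body cannot break out of the generated script. The function names, the sample request and the `example.test` host are assumptions made for illustration.

```javascript
// Added example with hypothetical names; this is not the plugin's code.
// Quote a value for a POSIX shell: wrap it in single quotes and rewrite each
// embedded ' as '\'' so the value cannot terminate the quoted string.
function shellQuote(value) {
  return "'" + String(value).replace(/'/g, "'\\''") + "'";
}

// Split raw HTTP/1.1 request text into method, path, headers and body.
function parseRawRequest(raw) {
  const normalized = raw.replace(/\r\n/g, '\n');
  const split = normalized.indexOf('\n\n');
  const head = split === -1 ? normalized : normalized.slice(0, split);
  const body = split === -1 ? '' : normalized.slice(split + 2);
  const [requestLine, ...headerLines] = head.split('\n');
  const [method, path] = requestLine.trim().split(/\s+/);
  const headers = headerLines.filter((l) => l.includes(':')).map((l) =>
    [l.slice(0, l.indexOf(':')).trim(), l.slice(l.indexOf(':') + 1).trim()]);
  return { method, path, headers, body };
}

// Build a curl command in the same shape as the Bash / Curl output above.
function toCurl(raw, scheme = 'https') {
  const { method, path, headers, body } = parseRawRequest(raw);
  const find = (name) => (headers.find(([k]) => k.toLowerCase() === name) || [])[1];
  const host = find('host');
  if (!host) throw new Error('request has no Host header');
  const parts = ['curl -X ' + shellQuote(method)];
  for (const [name, value] of headers) {
    // Host goes into the URL; curl computes Content-Length itself.
    if (['host', 'content-length'].includes(name.toLowerCase())) continue;
    parts.push('-H ' + shellQuote(name + ': ' + value));
  }
  if (body) {
    const isForm = (find('content-type') || '').startsWith('application/x-www-form-urlencoded');
    // --data-raw rather than -d: -d treats a leading @ as a file to read.
    for (const piece of isForm ? body.split('&') : [body]) {
      parts.push('--data-raw ' + shellQuote(piece));
    }
  }
  parts.push(shellQuote(scheme + '://' + host + path));
  return parts.join(' \\\n  ');
}

// Constructed sample request; the X-Note value contains a single quote.
const SAMPLE = [
  'POST /testing/endpoint HTTP/1.1', 'Host: example.test',
  "X-Note: it's quoted", 'Content-Type: application/x-www-form-urlencoded',
  '', 'action=view&file=@notes.txt'].join('\r\n');
console.log(toCurl(SAMPLE));
```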