HTTP Proxy

Strix includes Caido, a modern HTTP proxy built for security testing. All browser traffic flows through Caido, giving the agent full control over requests and responses.

Capabilities

HTTPQL Filtering

Query captured requests using Caido's HTTPQL syntax

Request Replay

The agent can take any captured request and replay it with modifications:

• Change path parameters (test for IDOR)
• Modify request body (test for injection)
• Add/remove headers (test for auth bypass)
• Alter cookies (test for session issues)

Python Integration

Proxy helpers are available to sandbox Python scripts through the image-baked caido_api module. This enables powerful scripted security testing:

import asyncio

from caido_api import list_requests, repeat_request, view_request


async def main():
    # List recent POST requests
    post_requests = await list_requests(
        httpql_filter='req.method.eq:"POST"',
        first=20,
    )

    # View a specific request
    request_details = await view_request("req_123", part="request")

    # Replay with modified payload
    response = await repeat_request(
        "req_123",
        modifications={"body": '{"user_id": "admin"}'},
    )
    print(response["status"], request_details is not None, len(post_requests.edges))


asyncio.run(main())

Available Functions

For one-off arbitrary requests, use shell tooling like curl — the sandbox's HTTP_PROXY env routes the traffic through Caido automatically, so it lands in list_requests and can be replayed via repeat_request.

Example: Automated IDOR Testing

import asyncio

# Get all requests to user endpoints
from caido_api import list_requests, repeat_request


async def main():
    user_requests = await list_requests(httpql_filter='req.path.cont:"/users/"')

    for edge in user_requests.edges:
        req = edge.node.request
        scheme = "https" if req.is_tls else "http"
        for test_id in ["1", "2", "admin", "../admin"]:
            url = f"{scheme}://{req.host}{req.path.replace('/users/1', f'/users/{test_id}')}"
            response = await repeat_request(
                req.id,
                modifications={"url": url},
            )
            print(req.id, test_id, response["status"])
            if response["status"] == "DONE":
                print(f"Replay completed for candidate {test_id}")


asyncio.run(main())

Human-in-the-Loop

Strix exposes the Caido proxy to your host machine, so you can interact with it alongside the automated scan. When the sandbox starts, the Caido URL is displayed in the TUI sidebar — click it to copy, then open it in Caido Desktop.

Accessing Caido

1. Start a scan as usual
2. Look for the Caido URL in the sidebar stats panel (e.g. localhost:52341)
3. Open the URL in Caido Desktop
4. Click Continue as guest to access the instance

What You Can Do

• Inspect traffic — Browse all HTTP/HTTPS requests the agent is making in real time
• Replay requests — Take any captured request and resend it with your own modifications
• Intercept and modify — Pause requests mid-flight, edit them, then forward
• Explore the sitemap — See the full attack surface the agent has discovered
• Manual testing — Use Caido's tools to test findings the agent reports, or explore areas it hasn't reached

This turns Strix from a fully automated scanner into a collaborative tool — the agent handles the heavy lifting while you focus on the interesting parts.

Scope

Create scopes to filter traffic to relevant domains:

Allowlist: ["api.example.com", "*.example.com"]
Denylist: ["*.gif", "*.jpg", "*.png", "*.css", "*.js"]