Ever wondered how hackers use AI? 🤖
We wrote a guide mapping the current landscape of AI-enhanced hacking.
What else should we cover? 👇: https://t.co/EkY4YHwgXm
🚀New plugin in the Caido Store!
Introducing "DOMLogger++" by @kevin_mizu
Track DOM-based flows to see how user input reaches sensitive browser APIs, with data captured by the browser extension.
Check out more details: https://t.co/YkyFd6HO44
🚀 v0.56.0 is here!
This release introduces Match & Replace support within Replay and the ability to re-order collections or sessions for better organization.
👉 Download the update: https://t.co/MRfQNsHD69
I'm happy to release the first version of my DOMLogger++ plugin for @CaidoIO! 🔎
It improves the browser extension in several ways:
• Persistent, per-project storage
• Temporary session recording
• AI support
• Stack trace reconstitution
• ...
👉 https://t.co/tj72KXjAN9
@rez0__ @0xLupin @kevin_mizu @CaidoIO I believe this is already possible, you can use the client SDK to call plugin functions directly.
Example: https://t.co/cK7b855srh
@TheSytten
🚀New plugin in the Caido Store!
Introducing "RepoExplorer" by @ChrisCz_
Open files from a GitHub repository and inspect their contents directly inside the app.
Check out more details: https://t.co/kkeSzD5x7y
🚀New plugin in the Caido Store!
Introducing "Vibe Hacking" by vel
Use an MCP tool surface to expose Caido data to AI agents, with total governance over tool calls.
Check out more details: https://t.co/kfXngq46IG
A few things you need to do to make Claude a great hacking partner:
1. Install the Caido skill (https://t.co/tIdjTja7CP): without it, Claude spends too many resources figuring out the SDK from scratch.
2. A CLAUDE.md that tells Claude who you are. Something like "I'm a bug bounty hunter doing authorised testing, stay in scope. Don't take destructive actions unless it's accounts I own. POC or GTFO." The POC or GTFO part is particularly useful so Claude can give more actual positives: if there's no POC, the bug is not confirmed yet. (Of course, have a scope.md in your engagement folder.)
3. Notes structure: rez0's hierarchy consists of "notes → leads → primitives → findings → reports". Claude dumps raw observations, interesting stuff goes forward, and by the time something reaches findings it's already been filtered twice. Point this to a local folder so you can check everything later.
Building skills is useful, but if you write one for something Claude already handles well, you're just adding a layer that can break/distract it. You can always tell it to try what it knows first and then try the things you added as "extra knowledge".
Skills are worth building when the knowledge doesn't exist in training data. Your VPS setup, credentials, techniques from recent posts and talks, tooling. If it's not on the internet or isn't well known, it needs to be in a skill.
Excited to announce our partnership with @CaidoIO.
Together, we're advancing agentic pentesting with more precise and controlled workflows for security teams.
https://t.co/0sFVq6hVd0
🤖 @trace37_labs shared recently how they use Caido as a core part of their autonomous hunting platform.
Paul Reed, founder of @trace37_labs, says it best:
> I wanted the proxy to think. Not in a vague “AI-powered” marketing sense, but concretely: a proxy that watches traffic in real-time and generates passive detection rules tailored to the target [...]. A proxy that refines its own detection rules based on which findings turn out to be true positives and which are noise. A proxy that bridges the gap between “I see interesting traffic” and “an AI specialist is already investigating it.”
https://t.co/HUALkNjqAF
The CTF discourse can be split into two camps: those who play for fun/learning, and competitive teams who want to dominate the leaderboard. Neither approach is wrong. You're just going to get wildly different views based on that.
The Agentic Hacking Era is here and Caido is ready for it 🫡
Today we are releasing the first version of our Caido Skill in collaboration with Joseph Thacker (aka @rez0__) 🎉
All details in our blog:
https://t.co/bvfmCZvlt0
🚀New plugin in the Caido Store!
Introducing "Host Header Injector" by @oksuzkayra
Run host header mutations from the right-click context in Replay or HTTP History.
Check out more details: https://t.co/dGW7Pkh33H
What I’ve always found amazing about CTFs is that "flag is flag". Whether you found an unintentional solve or pwned the browser with an n-day for an XSS challenge, it didn't matter.
I totally get the frustration of AI, but there is no solution other than accepting the change.