Discover hidden parameters straight from Caido!
- In your Caido, go to the Plugins page
- Navigate to the Community Store
- Search for ParamFinder
- Click Install
- Done! 🎉
- Navigate to the Releases page
- Download the latest plugin_package.zip
- Go to the Plugins page in your Caido
- Click 'Install Package' and select the downloaded plugin_package.zip file
- Done! 🎉
The fastest way to start ParamFinder is using the keyboard shortcut (customizable in Caido Settings → Shortcuts).
Open Caido's command palette and type 'Param Finder' to see available commands:
- Param Finder [QUERY] - Discover parameters in URL query string
- Param Finder [BODY] - Find parameters in request body
- Param Finder [HEADERS] - Search for header parameters
- Param Finder [ADVANCED] - Open advanced scan dialog with custom options for parameter discovery
Right-click on any request in Caido to start parameter discovery from the context menu.
You can create custom shortcuts for ParamFinder actions in Caido Settings → Shortcuts.
- Upload a Wordlist: Before starting, make sure you have at least one wordlist uploaded and enabled in ParamFinder settings. The wordlist should contain potential parameter names to test.
- Select a Request: Choose a request from your Caido history that you want to test for hidden parameters. This will be your base request for parameter discovery.
- Choose Attack Type: Select where to look for parameters:
  - QUERY - Tests parameters in the URL query string
  - BODY - Tests parameters in the request body (JSON or URL-encoded)
  - HEADERS - Tests for custom header parameters
- Monitor Progress: ParamFinder will start testing parameters and show results in real time. You can:
  - View discovered parameters in the Findings section
  - Copy or export found parameters
  - Pause/Resume or Cancel the discovery process
Feel free to contribute! If you'd like to request a feature or report a bug, please create a GitHub Issue.