Easy collaboration within Caido.
Demo Video
Drop enables easy collaboration with other Caido users over a fully E2EE channel. Immediately after install, Drop allows you to share the following objects with 1 click:
- Replay Tabs
- Match & Replace Rules
- Scopes
- Filters
- Workflows (COMING SOON)
- Files (COMING SOON)
- Findings (COMING SOON)
- HTTPQL Searches (COMING SOON)
Drop's encryption is done via PGP. We get the target user's PGP fingerprint when you add them as a friend (via share code), then we use the fingerprint to grab the full public key from a key server. All transferred data is encrypted using those public keys before hitting any public server.
NOTE: All messages will be stored on the server for a maximum of 7 days. Drop is not a storage mechanism, and all messages should be assumed to be ephemeral.
Sender
- Install Drop via the Caido Plugin Store
- Navigate to Settings and add your friend's share code
- Navigate to any of the aforementioned supported objects' page, and select your friend's name from the dropdown
Receiver
- Install Drop from the Caido Plugin Store
- Give your friend your share code
- Claim the object sent by your friend either via the notification at the top right, or via the
Received Messagestab in the Drop plugin interface.
To work, Drop requires a centralized server. The data that flows through the server is completely end-to-end encrypted using the target user's PGP public key, which is shared via the share code.
The code for the server is public, so you can host your own instance or use any of the public servers below.
The API Server code can be found here. Our database schema is as follows:
CREATE TABLE IF NOT EXISTS messages (
id INTEGER PRIMARY KEY AUTOINCREMENT,
from_public_key TEXT NOT NULL,
to_public_key TEXT NOT NULL,
encrypted_data TEXT NOT NULL,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
);
No unencrypted userdata is ever placed into the DB.
| Domain | Owner |
|---|---|
drop.cai.do |
Caido Labs Inc. |
Per the Caido Developer Policy, we are required to inform you that, for this plugin:
- External services are required for full access.
Drop requires a server to relay information from one user to another. The above public server is hosted by Caido Labs Inc. The default configuration for the plugin utilizes this service. No data is retained longer than 7 days. All data is E2EE with PGP.
