Linking labs

.vitepress/components/Lab.vue

@@ -0,0 +1,58 @@
+<script setup lang="ts">
+interface Lab {
+  name: string;
+  url: string;
+}
+
+withDefaults(
+  defineProps<{
+    message?: string;
+    labs: Lab[];
+  }>(),
+  {
+    message:
+      "Learn how to use this feature in hands-on, simulated training environments: ",
+  },
+);
+</script>
+
+<template>
+  <div class="c-lab info custom-block">
+    <p class="custom-block-title">🧪 CAIDO LABS</p>
+    <p>
+      {{ message }}
+      <template v-if="labs.length === 1 && labs[0]">
+        <a :href="labs[0].url">{{ labs[0].name }}</a>
+      </template>
+      <template v-else>
+        <ul>
+          <li v-for="(lab, index) in labs" :key="index">
+            <a :href="lab.url">{{ lab.name }}</a>
+          </li>
+        </ul>
+      </template>
+    </p>
+  </div>
+</template>
+
+<style scoped>
+.c-lab {
+  position: relative;
+  backdrop-filter: blur(10px);
+}
+
+.c-lab::before {
+  content: "";
+  position: absolute;
+  inset: 0;
+  border-radius: 8px;
+  border: 2px solid transparent;
+  background: linear-gradient(140deg, rgb(219, 51, 234), rgb(59, 209, 246))
+    border-box;
+  mask:
+    linear-gradient(#fff 0 0) padding-box,
+    linear-gradient(#fff 0 0);
+  mask-composite: exclude;
+  pointer-events: none;
+}
+</style>

.vitepress/theme/index.ts

@@ -6,6 +6,7 @@ import DefaultTheme from "vitepress/theme";
 import Icon from "../components/Icon.vue";
 import Mermaid from "../components/Mermaid.vue";
 import ProContainer from "../components/Pro.vue";
+import LabContainer from "../components/Lab.vue";
 
 import "./custom.css";
 import Layout from "./Layout.vue";
@@ -18,5 +19,6 @@ export default {
     app.component("ProContainer", ProContainer);
     app.component("Mermaid", Mermaid);
     app.component("Icon", Icon);
+    app.component("LabContainer", LabContainer);
   },
 } satisfies Theme;

src/app/guides/assistant_csrf.md

@@ -5,9 +5,11 @@ description: "A step-by-step guide to using Caido's AI Assistant to generate Cro
 # Generating CSRF PoCs
 
 <ProContainer>
-The <b>Assistant</b> are only available to users with Individual or Team tier subscriptions.
+The <b>Assistant</b> is only available to users with Individual or Team tier subscriptions.
 </ProContainer>
 
+<LabContainer :labs="[{name: 'CSRF via Content-Type Lab', url: 'https://labs.caido.io/hubs/csrf-via-content-type'}]" />
+
 ::: warning
 Submitted data is sent to a third-party (OpenAI) and can be stored for up to 30 days. Due to this, **anonymize sensitive data** when using the Assistant. Sensitive data may be unintentionally submitted when using the Assistant context menu options. Before using any context menu option, manually review all content to ensure no sensitive data is included. For more information, review:
 

src/app/guides/assistant_explain.md

@@ -5,7 +5,7 @@ description: "A step-by-step guide to using Caido's AI Assistant to explain HTTP
 # Prompting the Assistant to Explain Requests
 
 <ProContainer>
-The <b>Assistant</b> are only available to users with Individual or Team tier subscriptions.
+The <b>Assistant</b> is only available to users with Individual or Team tier subscriptions.
 </ProContainer>
 
 ::: warning

src/app/guides/assistant_model.md

@@ -5,7 +5,7 @@ description: "A step-by-step guide to changing the LLM model in Caido's AI Assis
 # Changing the LLM Model
 
 <ProContainer>
-The <b>Assistant</b> are only available to users with Individual or Team tier subscriptions.
+The <b>Assistant</b> is only available to users with Individual or Team tier subscriptions.
 </ProContainer>
 
 ::: warning

src/app/guides/automate_multiple.md

@@ -86,3 +86,7 @@ The Matrix strategy will test all the possible combinations of payload values ac
 | 7       | username=`chriscremesure`&password=`password` |
 | 8       | username=`chriscremesure`&password=`admin`    |
 | 9       | username=`chriscremesure`&password=`123`      |
+
+::: info
+If `Close Connection` is disabled in the `Settings` tab, the TCP connection is maintained through the session until it is terminated by the server.
+:::

src/app/guides/automate_null.md

@@ -17,3 +17,7 @@ This option will present a `Number of payloads to generate` input field that all
 Once the number has been specified, **click** on the `Run` button to launch the Automate session. A new tab will be generated that contains a traffic table of the requests. To view the results of the session, **click** on this paired tab.
 
 <img alt="The traffic table of Automate session requests." src="/_images/automate_null_results.png" center/>
+
+::: info
+If `Close Connection` is disabled in the `Settings` tab, the TCP connection is maintained through the session until it is terminated by the server.
+:::

src/app/guides/automate_numerical.md

@@ -21,3 +21,7 @@ To account for multi-digit numbers, ensure to set an appropriate value for the `
 Once the configuration has been made, **click** on the `Run` button to launch the Automate session. A new tab will be generated that contains a traffic table of the payload requests. To view the results of the session, **click** on this paired tab.
 
 <img alt="The traffic table of Automate session requests." src="/_images/automate_numbers_results.png" center/>
+
+::: info
+If `Close Connection` is disabled in the `Settings` tab, the TCP connection is maintained through the session until it is terminated by the server.
+:::

src/app/guides/automate_preprocessors.md

@@ -57,3 +57,7 @@ By selecting either `Prefix` or `Suffix` from the Preprocessor type drop-down me
 Any added Preprocessors are displayed in the `Active preprocessors` list and are applied to payloads in ascending order. To reorder their application, **click** on a Preprocessor from the list and use the <code><Icon icon="fas fa-chevron-up" /></code> and <code><Icon icon="fas fa-chevron-down" /></code> buttons.
 
 <img alt="The list of applied Preprocessors." src="/_images/automate_preprocessors_order.png" center/>
+
+::: info
+If `Close Connection` is disabled in the `Settings` tab, the TCP connection is maintained through the session until it is terminated by the server.
+:::

src/app/guides/automate_rate_limiting.md

@@ -7,3 +7,7 @@ description: "A step-by-step guide to configuring rate limiting and concurrency
 By **clicking** on the `Settings` tab of an Automate session, you can control the rate at which Automate sessions send requests via the `Delay (ms) between requests` and `# of workers` input fields.
 
 <img alt="Concurrency settings for Automate sessions." src="/_images/automate_concurrency.png" center/>
+
+::: info
+If `Close Connection` is disabled in the `Settings` tab, the TCP connection is maintained through the session until it is terminated by the server.
+:::

src/app/guides/automate_wordlists.md

@@ -21,3 +21,7 @@ Once a placeholder has been marked, you will be presented with options in the `P
 Once a selection has been made, **click** on the `Run` button to launch the Automate session. A new tab will be generated that contains a traffic table of the payload requests. To view the results of the session, **click** on this paired tab.
 
 <img alt="The traffic table of Automate session requests." src="/_images/automate_wordlist_results.png" center/>
+
+::: info
+If `Close Connection` is disabled in the `Settings` tab, the TCP connection is maintained through the session until it is terminated by the server.
+:::

src/app/guides/filters_httpql.md

@@ -16,6 +16,8 @@ HTTPQL query statements filter either requests (`req`), responses (`resp`), or s
 These statements will serve as a starting point for your HTTPL queries. View the full [HTTPQL](/app/reference/httpql.md) reference to customize your query statements to achieve the intended results.
 :::
 
+<LabContainer :labs="[{name: 'Too Many Request Lab', url: 'https://labs.caido.io/hubs/too-many-requests'}]" />
+
 ## Filtering Requests by Host
 
 To filter requests made to `example.com`, use the `host` field.

src/app/guides/http_history_filtering.md

@@ -21,7 +21,7 @@ Actively applied advanced options are listed below the table.
 <img alt="The applied filters list." src="/_images/http_history_applied.png" center>
 
 ::: tip
-View the [HTTPQL reference](/app/reference/httpql.md) to learn how to filter traffic based on certain traits.
+View the [Writing HTTPQL Queries](/app/guides/filters_httpql.md) guide to learn how to filter traffic based on certain traits.
 :::
 
 <div class="video small">

src/app/guides/replay_resending.md

@@ -13,4 +13,6 @@ description: "A step-by-step guide to resending requests in Caido's Replay featu
 
 To resend a request, **click** on the `Send` button. You can resend requests as many times as you want, allowing you to test how modifications alter the response.
 
+<LabContainer :labs="[{name: 'CSRF via Content-Type Lab', url: 'https://labs.caido.io/hubs/csrf-via-content-type'}, {name: 'Reflected XSS Lab', url: 'https://labs.caido.io/hubs/reflected-xss'}, {name: 'SQL Injection Lab', url: 'https://labs.caido.io/hubs/sql-injection'}, {name: 'SSTI Lab', url: 'https://labs.caido.io/hubs/ssti-lab'}]" />
+
 <img alt="The result of sending a request in Replay." src="/_images/replay_request_send.png" center>

src/app/guides/workflows_creating.md

@@ -4,10 +4,6 @@ description: "A step-by-step guide to creating new workflows in Caido including
 
 # Creating Workflows
 
-::: tip
-View the Tutorials section of the documentation for detailed walk-throughs on creating a variety of workflows.
-:::
-
 To create a new workflow, select a [workflow type](/app/concepts/workflows_intro.md) by **clicking** on either the `Passive`, `Active`, or `Convert` tabs and **click** the `+ New workflow` button.
 
 <img alt="The workflow type tabs and + New workflow button." src="/_images/workflows_create.png" center>
@@ -16,6 +12,12 @@ Once the workflow is created, you can edit its display name and provide an optio
 
 <img alt="The workflow name and description input fields." src="/_images/workflows_name_description.png" center>
 
+::: tip
+View the Tutorials section of the documentation for detailed walk-throughs on creating a variety of workflows.
+:::
+
+<LabContainer :labs="[{name: 'SHASigned Lab', url: 'https://labs.caido.io/hubs/sha-signed'}, {name: 'Session Monitor Lab', url: 'https://labs.caido.io/hubs/session-monitor'}]" />
+
 ## Adding Nodes
 
 To add new nodes, **click** on the `+ Add Node` button and the `+ Add` button of a listed node.

src/app/quickstart/automate.md

@@ -24,4 +24,6 @@ The `Automate` interface gives you the ability to send requests programatically.
 - [Avoiding Rate-Limiting Protections](/app/guides/automate_rate_limiting.md)
 :::
 
+<LabContainer :labs="[{name: 'IDOR Vulnerability Lab', url: 'https://labs.cai.do/idor.php'}, {name: 'Hidden Dashboard Lab', url: 'https://labs.cai.do/hiddenDashboard.php'}]" />
+
 <img alt="The Automate interface." src="/_images/automate_interface.png" center>

src/app/quickstart/http_history.md

@@ -19,4 +19,6 @@ The `HTTP History` interface provides a table that contains all of the HTTP requ
 - [Viewing Modifications](/app/guides/http_history_modifications.md)
 :::
 
+<LabContainer :labs="[{name: 'HTTP Hunt Lottery Lab', url: 'https://labs.cai.do/http-hunt/index.php'}]" />
+
 <img alt="The HTTP History interface." src="/_images/http_history_interface.png" center>

src/app/quickstart/match_replace.md

@@ -22,4 +22,6 @@ The `Match & Replace` interface gives you the ability to create rules that will
 - [Testing Rules](/app/guides/match_replace_testing.md)
 :::
 
+<LabContainer :labs="[{name: 'Match & Replace Lab', url: 'https://labs.caido.io/hubs/match-and-replace'}]" />
+
 <img alt="The Match & Replace interface." src="/_images/match_replace_interface.png" center>

src/app/quickstart/replay.md

@@ -21,4 +21,6 @@ The `Replay` interface gives you the ability to create, modify, and send individ
 - [Using Environment Variables in Replay](/app/guides/replay_environment_variables.md)
 :::
 
+<LabContainer :labs="[{name: 'CSRF via Content-Type Lab', url: 'https://labs.caido.io/hubs/csrf-via-content-type'}, {name: 'Reflected XSS Lab', url: 'https://labs.caido.io/hubs/reflected-xss'}, {name: 'SQL Injection Lab', url: 'https://labs.caido.io/hubs/sql-injection'}]" />
+
 <img alt="The Replay interface." src="/_images/replay_interface.png" center>

src/app/quickstart/workflows.md

@@ -33,4 +33,6 @@ Within the `Workflows` interface, you can construct multi-step processes to exec
 - [Resign AWS Requests Workflow](/app/tutorials/aws_signature.md)
 :::
 
+<LabContainer :labs="[{name: 'SHASigned Lab', url: 'https://labs.caido.io/hubs/sha-signed'}, {name: 'Session Monitor Lab', url: 'https://labs.caido.io/hubs/session-monitor'}]" />
+
 <img alt="The Workflows interface." src="/_images/workflows_interface.png" center>

src/app/troubleshooting/startup.md

@@ -73,3 +73,11 @@ Then, launch Caido through XWayland.
 ```bash
 env ELECTRON_OZONE_PLATFORM_HINT=x11 ./caido
 ```
+
+## Blank Screen
+
+<code><Icon icon="fas fa-screwdriver-wrench" /></code> If you encounter a blank screen in the desktop application, launch Caido with the `--disable-gpu` command-line option.
+
+```bash
+caido --disable-gpu
+```

src/app/tutorials/autorize.md

@@ -6,7 +6,7 @@ description: "Learn how to configure and use the Autorize plugin for automated a
 
 [Autorize](https://github.com/caido-community/autorize) is Caido's official authorization/access control vulnerability testing plugin.
 
-In this tutorial you will learn how to configure the plugin to conduct both passive and active scanning against a intentionally vulnerable application from Caido's Web Security Labs.
+In this tutorial you will learn how to configure the plugin to conduct both passive and active scanning.
 
 ::: info
 Autorize is available for [installation](/app/guides/plugins_installing.md) in the `Official` tab of the Plugin interface.
@@ -22,9 +22,11 @@ Autorize creates templates for proxied requests that are modified to simulate re
 
 By comparing the corresponding responses of these requests to each other, Autorize is able to determine if low-privilege or unauthenticated users are able to access the same resources or functionality available to the high-privilege user.
 
-## Autorize Lab Walkthrough
+## Autorize IDOR Testing Lab Walkthrough
 
-The Autorize Lab features registered accounts for two users: John and Bob.
+<LabContainer :labs="[{name: 'Autorize IDOR Testing Lab', url: 'https://labs.cai.do/autorize.php'}]" />
+
+The Autorize IDOR Testing Lab features registered accounts for two users: John and Bob.
 
 By designating John as the low-privilege user and Bob as the high-privilege user, we will use Autorize passively test for authorization vulnerabilities against API endpoints that return sensitive account data based on the `user_id` query parameter:
 

src/app/tutorials/shift.md

@@ -44,6 +44,8 @@ Find similar requests to this.
 Shift is highly capable and should be able to carry out any task you could do with a well-written prompt.
 :::
 
+<LabContainer :labs="[{name: 'Shift Payload Lab', url: 'https://labs.caido.io/hubs/shift-payload'}]" />
+
 ## Configuration
 
 To use Shift, register/login to [https://openrouter.ai/](https://openrouter.ai/) and obtain an [API key](https://openrouter.ai/settings/keys).