Cawght by Rajan Yadav
Record your app, let AI find where the business logic breaks.
Experimental
Some features may require payment
Extension metadata
About this extension
Description:
Cawght watches how your web app behaves, then tries to break its business rules.
Traditional security scanners catch XSS and SQL injection, but they don't know that your discount code should only work once, that only admins can delete posts, or that User A shouldn't access User B's data. Cawght does.
How it works:
1. Open the sidebar and click Start Recording.
2. Use your web app normally: browse, click, submit forms.
3. Click Stop & Test; Cawght analyzes the captured traffic.
4. AI generates adversarial test scenarios targeting business logic.
5. Tests run automatically and findings are reported with evidence.
What it catches:
* Privilege escalation
* IDOR (Insecure Direct Object Reference)
* State manipulation
* Business constraint violations
* Data isolation failures
Privacy & Requirements:
* Bring your own AI key (Gemini, OpenAI, or Anthropic).
* No data is collected without your explicit action.
Rated 0 by 1 person
Permissions and data
Required permissions:
- Access browser tabs
- Access browser activity during navigation
- Access your data for all websites
Optional permissions:
- Access your data for all websites
Required data collection, according to the developer:
- Website activity
Optional data collection, according to the developer:
- Technical and interaction data
More information
- Add-on links
- Version
- 2.1.1
- Size
- 1.09 MB
- Last updated
- 2 days ago (March 30, 2026)
- Related categories
- License
- All rights reserved
- Privacy policy
- Read the privacy policy for this add-on
- Version history