Drift AI Security Helper: Turn Your Local CLI Into a Live Caido Pentesting Assistant – No Cloud, No API Keys + Video

Introduction:

Manual web security testing often forces a trade-off between AI-assisted efficiency and data privacy. Most AI integrations either ship your HTTP traffic to a separate remote LLM service or require managing yet another set of API keys and billing relationships. Drift, an open-source Caido plugin by Alexis Fernández (six2dez), takes a different route: it drives the AI CLI you are already authenticated to (Claude Code, Gemini CLI, Codex CLI or GitHub Copilot CLI) from inside Caido. It embeds an MCP server that gives the assistant live access to your session’s HTTP history, request replay, scope management, environment variables and finding creation, all over a localhost transport, with no extra API key and no additional cloud service. One caveat applies throughout this article: “no cloud” describes Drift itself. Unless you have pointed the CLI at a local model, it still sends whatever the assistant reads through MCP (requests, responses, cookies) to its own hosted model provider, so the data-exposure boundary is your CLI vendor, not your machine.

Learning Objectives:

  • Configure Drift to connect Caido with a locally authenticated AI CLI (Claude Code, Gemini CLI, Codex CLI or GitHub Copilot CLI) over a localhost MCP transport, with no API keys or cloud service beyond the CLI’s own provider.
  • Use the 18 MCP tools – including search_history, send_request, create_finding and the intercept controls – to drive IDOR detection, auth‑bypass validation, race‑condition testing and data‑leak audits.
  • Verify Drift’s hardening: approval gates on mutating tools, parameterized or escaped SQL for local persistence, and DOMPurify plus markdown‑it with HTML disabled so that model output (including an injected prompt) cannot insert markup or script into Caido’s UI.

You Should Know:

  1. Installing Caido and Setting Up Drift with a Local AI CLI

Drift runs as a plugin inside Caido, a modern web security testing proxy. You need Caido installed (Linux/macOS/Windows) and at least one compatible AI CLI authenticated locally.

Step‑by‑step guide:

  1. Install Caido – download the build for your platform from caido.io/download. Debian/Ubuntu:
    # Debian/Ubuntu
    wget -O caido.deb https://caido.io/download/linux_deb
    sudo dpkg -i caido.deb
    caido

    Windows: use the `.exe` installer from the same download page (or a winget package, if one is published for your version).

  2. Install an AI CLI – example with Claude Code, the stable backend (Gemini and Codex support is still marked experimental):

    # Linux/macOS
    npm install -g @anthropic-ai/claude-code
    claude   # first run walks you through OAuth login; the token is stored locally, no API key needed

    For Gemini CLI: `npm install -g @google/gemini-cli`, then run `gemini` once and complete the login prompt.

  3. Install Drift – Caido plugins ship as packaged `.zip` files, so cloning the repository is only the first step:

    git clone https://github.com/six2dez/drift
    cd drift
    # build the plugin package as the repository README describes, then in Caido:
    # Plugins → Install Package → select the built .zip (or install it from the plugin store if listed)

  4. Run Caido, open the target web app and activate Drift from the plugin menu. Run a health check: in Drift’s settings, click “MCP self‑test”. It should report all 18 tools available.

  5. Know exactly what leaves your machine – Drift talks to the CLI over localhost MCP and adds no remote endpoint of its own, but the CLI still calls its model provider’s API unless you have pointed it at a local model. Run `tcpdump` or Wireshark while the assistant works and confirm that the only external destinations are the target and that provider; any other host is a red flag. Bear in mind that every request body or cookie the assistant reads through search_history becomes part of what the CLI sends to the model, so keep scope tight and use throwaway test credentials wherever you can.

  2. Mastering the 18 MCP Tools: From HTTP Search to Automated Findings

Drift exposes an MCP (Model Context Protocol) server inside Caido. The assistant can call tools like search_history, send_request, create_finding, scope_add, env_get, and intercept_toggle. This turns your AI CLI into a live co‑pentester.

Step‑by‑step – build an IDOR detection workflow:

  1. In Caido, capture a request with a user ID parameter, GET /api/user/1234/profile, made with a test account you control.
  2. Open your AI CLI (e.g., Claude Code) through Drift and type: “List all requests containing ‘/api/user/’ using search_history.” Drift runs `search_history` with a regex such as \/api\/user\/\d+.
  3. Instruct the assistant: “For each unique user ID found, replay the request with incremental IDs 1235, 1236, … using send_request, keeping my session cookie. Compare response status and body against my own profile.”
  4. Drift calls `send_request` with the modified IDs, respecting scope and approval gates.
  5. The assistant analyzes the differences. If `1235` returns a 200 whose identity fields differ from your own record, it calls `create_finding` with severity, evidence and remediation. A 403/404, or a 200 that simply echoes your own profile because the server ignored the URL id, is the secure behaviour and is not a finding.
  6. Manual validation: use `intercept_toggle` to switch on Caido’s interceptor so the next replay stops for inspection, then confirm the read by hand, preferably against a second account you own rather than a real user’s record, before accepting the finding.

Commands to test IDOR detection manually (without AI) – useful for understanding what Drift automates:

# Linux – iterate IDs with one session cookie and collect the identity field
for id in 1234 1235 1236; do
  curl -s -H "Cookie: session=..." "https://target.com/api/user/$id/profile"
done | jq -r '.email'   # any email other than your own test account's indicates an IDOR

Windows PowerShell equivalent:

1234..1236 | ForEach-Object { (Invoke-RestMethod -Uri "https://target.com/api/user/$_/profile" -Headers @{Cookie="session=..."}).email }
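
The comparison step the assistant performs in this workflow, written out as an added Python example (not Drift’s code). It takes the baseline response from your own test account and the replayed responses for neighbouring IDs, and emits a finding only for a 200 that exposes a different identity; the responses are constructed sample data standing in for what `send_request` would return.

```python
"""IDOR differential analysis (added example, not Drift's code)."""
import json
import re
from dataclasses import dataclass
from typing import Optional

USER_PATH = re.compile(r"^/api/user/(\d+)/profile$")

# Fields that say *whose* record a profile response describes.
IDENTITY_KEYS = ("id", "email", "username")


@dataclass
class Response:
    """Constructed stand-in for what send_request returns."""
    path: str
    status: int
    body: str


def extract_id(path: str) -> Optional[int]:
    m = USER_PATH.match(path)
    return int(m.group(1)) if m else None


def identity_fields(body: str) -> dict:
    """Pull the identity fields from a JSON body; {} if the body is not a JSON object."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return {}
    return {k: data[k] for k in IDENTITY_KEYS if isinstance(data, dict) and k in data}


def classify(baseline: Response, candidates: list) -> list:
    """One finding per replayed response that exposes a record other than the caller's.

    Rule: same session cookie, different id in the URL, HTTP 200, and identity
    fields that differ from the baseline. 403/404, or a 200 echoing the caller's
    own record (server ignored the URL id), is correct behaviour and no finding.
    """
    own_id = extract_id(baseline.path)
    own = identity_fields(baseline.body)
    findings = []
    for r in candidates:
        rid = extract_id(r.path)
        if rid is None or rid == own_id or r.status != 200:
            continue
        theirs = identity_fields(r.body)
        if not theirs or theirs == own:
            continue
        findings.append({
            "title": f"IDOR: /api/user/{rid}/profile readable with another user's session",
            "severity": "high",
            "evidence": {"path": r.path, "status": r.status, "leaked_fields": sorted(theirs)},
            "remediation": "Resolve the profile from the authenticated session, or check that "
                           "the session's user owns the requested id before returning it.",
        })
    return findings


# Constructed sample traffic: the tester is logged in as user 1234.
BASELINE = Response("/api/user/1234/profile", 200,
                    '{"id":1234,"email":"tester@example.com","username":"tester"}')
CANDIDATES = [
    Response("/api/user/1235/profile", 200,
             '{"id":1235,"email":"alice@example.com","username":"alice"}'),   # leak
    Response("/api/user/1236/profile", 403, '{"error":"forbidden"}'),          # correct
    Response("/api/user/1237/profile", 200,
             '{"id":1234,"email":"tester@example.com","username":"tester"}'),  # id ignored
    Response("/api/user/1238/profile", 404, ""),                               # no such user
]

if __name__ == "__main__":
    for finding in classify(BASELINE, CANDIDATES):
        print(json.dumps(finding, indent=2))
```

Only the 1235 response produces a finding: 1236 is a proper 403, 1237 shows a server that ignores the URL id and returns the caller’s own record, and 1238 does not exist. Comparing identity fields rather than raw bodies keeps timestamps and request ids from producing false positives.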
  3. Security Hardening: Approval Gates, SQL Escaping, and XSS Blocking

Drift’s security model is explicit: no secrets in logs, mutating actions require approval, and the assistant’s output is rendered through DOMPurify and markdown‑it with HTML disabled, so a prompt injection picked up from a target response cannot smuggle markup or script into Caido’s UI. As a penetration tester you should verify these controls rather than take them on faith: a component that reads attacker‑controlled HTTP bodies and then acts on your proxy is exactly what a hostile target will try to turn against you.

Step‑by‑step – test the approval gate mechanism:

  1. In Drift settings, set “Sensitive actions require approval” to ON for tools like `send_request` (mutating POST/PUT) and `create_finding`.
  2. Ask the AI assistant: “Use create_finding to add a critical finding with title ‘XSS in search’.”
  3. Drift pauses and displays an approval prompt in Caido’s UI with the exact tool arguments. You must click “Approve” or “Deny”; read the arguments, not just the tool name, because an injected instruction would show up there.
  4. Check how approval is remembered. Depending on configuration, approving once may cover later `create_finding` calls in the same session. That convenience widens the blast radius of a single prompt injection, so keep per‑call approval for anything that sends requests or changes scope, and reserve session memory for low‑impact tools.
  5. Test SQL injection protection: Drift stores findings locally, and any persistence should use parameterized statements rather than string concatenation. Inspect the plugin’s backend source in the repository you cloned (file layout changes between releases) and confirm that values supplied by the assistant, such as finding titles, never reach a query through concatenation.

Linux commands to verify no secrets leak into logs (adjust the paths to where your Caido build keeps its data; the plugin’s log location is shown in Drift’s settings):

grep -rEi 'api_key|secret|token|cookie' ~/.cache/caido/logs/
# should return nothing. Also watch Drift's own log while the assistant replays authenticated requests:
tail -f ~/.caido/plugins/drift/logs/drift.log | grep -Ei 'secret|cookie|authorization'
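
How the controls in this section fit together, as an added Python example (not Drift’s code): a gate that lets read‑only tools run unattended, stops mutating or secret‑reading tools until an approver says yes, optionally remembers that approval per session, and redacts credential‑bearing values before anything is logged. The tool names follow the article; which tools count as sensitive, and the `run` callback standing in for the real tool, are assumptions of the example. The rendering side (DOMPurify, markdown‑it) lives in Caido’s JavaScript UI and is not modelled here.

```python
"""Approval gate and log redaction for MCP tool calls (added example, not Drift's code)."""
import re
from typing import Callable, List, Set, Tuple

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Assumed classification: tools that change proxy state or read secrets are always gated.
ALWAYS_GATED = {"create_finding", "scope_add", "intercept_toggle", "env_get"}

SECRET_KEYS = {"cookie", "set-cookie", "authorization", "x-api-key",
               "token", "secret", "password", "session"}
# Matches "Cookie: value", "token=value" and the like inside free text such as raw requests.
_SECRET_RE = re.compile(
    r"(?i)\b(" + "|".join(re.escape(k) for k in SECRET_KEYS) + r")\b(\s*[:=]\s*)([^\s;,]+)"
)


def needs_approval(tool: str, args: dict) -> bool:
    """Read-only lookups run unattended; anything mutating or secret-bearing stops."""
    if tool in ALWAYS_GATED:
        return True
    if tool == "send_request":
        return args.get("method", "GET").upper() not in SAFE_METHODS
    return False


def redact(value):
    """Recursively mask credential values in dicts, lists and strings before logging."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if str(k).lower() in SECRET_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, str):
        return _SECRET_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]", value)
    return value


class ToolGate:
    def __init__(self, approver: Callable[[str, dict], bool], remember_per_session: bool = False):
        self.approver = approver                        # the human clicking Approve/Deny
        self.remember = remember_per_session
        self.approved: Set[Tuple[str, str]] = set()     # (session_id, tool)
        self.log: List[str] = []

    def call(self, session_id: str, tool: str, args: dict, run: Callable[[dict], str]) -> str:
        key = (session_id, tool)
        if needs_approval(tool, args) and key not in self.approved:
            if not self.approver(tool, args):
                self.log.append(f"DENIED {tool} {redact(args)}")
                raise PermissionError(f"{tool} denied by operator")
            if self.remember:
                self.approved.add(key)
        self.log.append(f"RUN {tool} {redact(args)}")
        return run(args)


def demo() -> dict:
    """Drive the gate through the cases from the steps above and return what happened."""
    prompts = []

    def approver(tool, args):
        prompts.append(tool)
        return tool != "scope_add"          # operator approves everything except scope changes

    gate = ToolGate(approver, remember_per_session=True)
    fake_send = lambda a: f"{a['method']} {a['url']} -> 200"   # stands in for the real tool
    post = {"method": "POST", "url": "https://target.example/redeem",
            "body": "code=DISCOUNT100", "headers": {"Cookie": "session=abc123"}}
    out = {}
    out["search"] = gate.call("s1", "search_history", {"regex": r"/api/user/\d+"}, lambda a: "3 matches")
    out["get"] = gate.call("s1", "send_request",
                           {"method": "GET", "url": "https://target.example/api/user/1235/profile",
                            "headers": {"Cookie": "session=abc123"}}, fake_send)
    out["post1"] = gate.call("s1", "send_request", post, fake_send)   # prompts once
    out["post2"] = gate.call("s1", "send_request", post, fake_send)   # remembered for s1
    try:
        gate.call("s2", "scope_add", {"pattern": "*.target.example"}, lambda a: "added")
        out["scope"] = "ran"
    except PermissionError:
        out["scope"] = "denied"
    out["prompts"] = prompts
    out["log"] = gate.log
    out["raw_redacted"] = redact("GET /profile HTTP/1.1\r\nCookie: session=abc123\r\n")
    return out


if __name__ == "__main__":
    for line in demo()["log"]:
        print(line)
```

The operator is prompted twice (the first POST and the scope change); the GET and the history search run unattended, and the second POST rides on the remembered approval. That last point is the cost of session memory: the key is (session, tool), so a later `send_request` with a different URL and body is also unprompted, which is why the steps above recommend per‑call approval for anything that sends traffic.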
  4. Workflow Recipes: Auth Bypass and Race Condition Testing

The included `docs/cookbook.md` provides 7 ready‑to‑use recipes. Here’s how to execute two critical ones using Drift’s context menus.

Auth bypass workflow (parameter pollution / JWT alg:none):

  1. Right‑click on a login or profile request in Caido → “Review Request” (Drift context menu).
  2. The assistant analyzes the request and suggests, for example: “Try adding a second `role=admin` parameter” or “Change the algorithm in the JWT header to `none` and drop the signature.”
  3. Drift uses `send_request` to test the variations (each mutating call passes the approval gate). If a 200 OK returns admin content, it calls `create_finding` with an OWASP API Security Top 10 (2023) classification: API2:2023 Broken Authentication for an accepted unsigned JWT, API5:2023 Broken Function Level Authorization for the role parameter.
  4. To manually replicate the JWT case with jwt_tool (the `-X a` exploit rewrites the header to alg:none and strips the signature):

# JWT alg:none attack with jwt_tool
python3 jwt_tool.py <token> -X a
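
What the `-X a` exploit does to a token and why a correctly written verifier is immune, as an added Python example (not jwt_tool’s or Drift’s code). The signing key and claims are constructed; `verify_vulnerable` trusts the `alg` field from the token header, `verify_fixed` pins the algorithm server‑side.

```python
"""JWT alg:none forgery next to a verifier that rejects it (added example)."""
import base64
import hashlib
import hmac
import json
from typing import Optional

KEY = b"constructed-demo-hmac-key"          # constructed for the example; never reuse


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(claims: dict, key: bytes) -> str:
    header = _segment({"alg": "HS256", "typ": "JWT"})
    payload = _segment(claims)
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def forge_alg_none(token: str, **changes) -> str:
    """What jwt_tool -X a does: alg -> none, claims edited, signature removed."""
    _, payload_b64, _ = token.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims.update(changes)
    return f"{_segment({'alg': 'none', 'typ': 'JWT'})}.{_segment(claims)}."


def verify_vulnerable(token: str, key: bytes) -> Optional[dict]:
    """Bug: the algorithm is taken from the attacker-controlled header."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    alg = str(header.get("alg", "")).lower()
    if alg == "none":                        # "none", "None", "NONE" all land here
        return json.loads(b64url_decode(payload_b64))
    if alg == "hs256":
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return json.loads(b64url_decode(payload_b64))
    return None


def verify_fixed(token: str, key: bytes) -> Optional[dict]:
    """Pin the algorithm server-side; the header's alg must match it exactly."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256" or not sig_b64:
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


def demo() -> dict:
    token = sign_hs256({"sub": "1234", "role": "user"}, KEY)
    forged = forge_alg_none(token, role="admin")
    return {
        "forged": forged,
        "vulnerable": verify_vulnerable(forged, KEY),
        "fixed_forged": verify_fixed(forged, KEY),
        "fixed_genuine": verify_fixed(token, KEY),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The forged token ends in a bare dot (empty signature) and is accepted by the vulnerable verifier with `role: admin`; the fixed verifier rejects it and still accepts the genuine HS256 token. The same pinning defeats the RS256‑to‑HS256 key‑confusion variant, because the server never lets the token choose how it is checked.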

Race condition detection (concurrent requests):

  1. Select a state‑changing endpoint (e.g., gift card redemption, POST /redeem) and use Drift’s context menu → “Build Test Plan”.
  2. The assistant uses `search_history` to locate the endpoint and proposes parallel sends. There is no race primitive in `send_request` itself; the concurrency comes either from many calls issued together or from a shell script it emits for you to run.
  3. Run the generated bash script. Drift outputs something like:

# fire 20 redemptions at once; & backgrounds each curl and wait collects them
for i in {1..20}; do
  curl -s -o /dev/null -w '%{http_code}\n' -X POST https://target.com/redeem -d code=DISCOUNT100 -H "Cookie: $COOKIE" &
done; wait

  4. Drift’s assistant analyzes the responses for double redemption or inconsistent state (more than one 200, or a balance credited more than once) and creates a finding with PoC. Note that 20 processes launched from a loop are not truly simultaneous; if the window is small, use a tool that fires the requests from a single process, or the HTTP/2 single‑packet technique.
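
The race itself, reproduced offline as an added Python example (not Drift’s code): an in‑process stand‑in for POST /redeem with a check‑then‑commit window, twenty requests released together through a barrier (the role the `&` loop plays above), and the same handler made atomic with a lock. The service, code and credit amounts are constructed.

```python
"""Race-condition probe against a redeem endpoint, reproduced in-process (added example)."""
import threading
import time
from concurrent.futures import ThreadPoolExecutor
from typing import List


class RedeemService:
    """Stand-in for POST /redeem: one code, one credit of 100, meant to be redeemable once."""

    def __init__(self, code: str, fixed: bool):
        self.valid = {code}
        self.redeemed = set()
        self.fixed = fixed
        self.lock = threading.Lock()
        self.balance = 0                      # credit granted to the calling account

    def _check_then_commit(self, code: str) -> int:
        if code not in self.valid or code in self.redeemed:
            return 409                        # already used / unknown
        if not self.fixed:
            time.sleep(0.02)                  # the window: a DB round-trip between check and commit
        self.redeemed.add(code)
        self.balance += 100
        return 200

    def redeem(self, code: str) -> int:
        if self.fixed:
            with self.lock:                   # check-and-set becomes one atomic step
                return self._check_then_commit(code)
        return self._check_then_commit(code)


def fire_concurrently(service: RedeemService, code: str, n: int = 20) -> List[int]:
    """Release n requests at the same instant (what the `&` loop approximates with curl)."""
    start = threading.Barrier(n)

    def one(_: int) -> int:
        start.wait()
        return service.redeem(code)

    with ThreadPoolExecutor(max_workers=n) as pool:
        return list(pool.map(one, range(n)))


def analyze(statuses: List[int], balance: int) -> dict:
    """The check the assistant performs on the responses: more than one success is a finding."""
    successes = statuses.count(200)
    return {
        "successes": successes,
        "balance": balance,
        "finding": successes > 1 or balance > 100,
    }


def probe(fixed: bool) -> dict:
    svc = RedeemService("DISCOUNT100", fixed=fixed)
    statuses = fire_concurrently(svc, "DISCOUNT100")
    return analyze(statuses, svc.balance)


if __name__ == "__main__":
    print("vulnerable:", probe(fixed=False))
    print("fixed:     ", probe(fixed=True))
```

Against the vulnerable handler most of the twenty threads pass the “already redeemed” check before any of them commits, so several 200s come back and the balance is credited several times; with the lock exactly one request succeeds and the rest get 409. On a real target the equivalent fix is a unique constraint or a conditional update (`UPDATE ... WHERE redeemed = 0`), not an application‑level flag.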

  5. Cloud Hardening: Extending Drift to AWS/Azure Environments via Scope and env_get

While Drift is designed for web app testing, the same tools reach the cloud storage a web app fronts. A common case is a site that hands out S3 or Azure Blob URLs for uploads or downloads; the question is whether those URLs, or the bucket behind them, accept more than the app intended, for example an unauthenticated write.

Step‑by‑step – audit cloud storage permissions with Drift:

  1. In Caido, capture a request that returns a presigned URL for an S3 object (e.g., from a web app that lists or uploads files).
  2. Use the assistant: “Use `scope_add` to restrict all operations to mybucket.s3.amazonaws.com.” Keep the scope to the buckets in your authorization; a wildcard over all of `.s3.amazonaws.com` puts other customers’ buckets in scope.
  3. Do not feed cloud credentials to the assistant. `env_get` reads variables from Caido’s environment store, and anything it returns travels to the model provider with the rest of the conversation, so long‑lived keys such as AWS_SECRET_ACCESS_KEY must never be in that store. The write test below needs no credentials at all; if a later step genuinely needs one, use a short‑lived, least‑privilege test credential and expect the approval gate to fire when `env_get` reads it.
  4. The assistant calls `send_request` against the presigned URL and against the bare object URL with the method changed: `PUT /object.txt` with a harmless marker payload. A bucket that accepts an unsigned PUT is the misconfiguration you are looking for; remove the marker object afterwards.
  5. If the bucket allows unauthenticated writes, Drift creates a finding with the request/response pair as evidence.

Manual cloud hardening commands (Linux):

# is the bucket public? PolicyStatus.IsPublic is true when the policy grants access to everyone
aws s3api get-bucket-policy-status --bucket mybucket
# read the policy and the ACL themselves
aws s3api get-bucket-policy --bucket mybucket --query Policy --output text
aws s3api get-bucket-acl --bucket mybucket
# bucket-level guard rail: all four public access block settings should be true
aws s3api get-public-access-block --bucket mybucket
# full account audit with Scout Suite
scout aws --report-dir ./scout-report

Windows (AWS Tools for PowerShell):

Get-S3ACL -BucketName mybucket
Get-S3BucketPolicy -BucketName mybucket
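
A check a practitioner would run over the JSON that `get-bucket-policy` returns, as an added Python example (not Drift’s code): it flags Allow statements that grant object writes to an anonymous principal, notes whether a Condition narrows them, and contrasts a weak policy with a corrected one. Both policies are constructed samples.

```python
"""Flag public-write statements in an S3 bucket policy (added example, not Drift's code)."""
import json
from typing import List

WRITE_ACTIONS = {"s3:putobject", "s3:deleteobject", "s3:putobjectacl", "s3:*", "*"}


def is_anonymous(principal) -> bool:
    """'*' or {"AWS": "*"} (in any list form) means everyone, including unauthenticated callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def public_write_statements(policy: dict) -> List[dict]:
    """Allow statements that let anyone write or delete objects."""
    hits = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow" or not is_anonymous(st.get("Principal")):
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        writes = [a for a in actions if a.lower() in WRITE_ACTIONS]
        if writes:
            hits.append({
                "sid": st.get("Sid"),
                "actions": writes,
                "resource": st.get("Resource"),
                # A Condition (aws:SourceVpce, aws:SourceIp, ...) may narrow "*"; review it by hand.
                "conditioned": bool(st.get("Condition")),
            })
    return hits


# Constructed weak policy: public read is intended, public write is not.
WEAK_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicReadWrite", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::mybucket/*"}
  ]
}""")

# Constructed corrected policy: reads stay public, writes need a specific role,
# and any non-TLS access is denied.
FIXED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::mybucket/*"},
    {"Sid": "UploaderWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/uploader"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::mybucket/uploads/*"},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": ["arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
  ]
}""")

if __name__ == "__main__":
    print("weak :", public_write_statements(WEAK_POLICY))
    print("fixed:", public_write_statements(FIXED_POLICY))
```

The script only reads the bucket policy; bucket and object ACLs and the account‑level public access block are separate controls, which is why the `get-bucket-acl` and `get-public-access-block` commands above still belong in the audit. A hit with `conditioned: true` is not automatically safe or unsafe; read the Condition before deciding.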
  6. Diagnostics and Troubleshooting: Health Checks and Session Resume

Drift includes a diagnostics bundle and in‑app health check. Use these when the assistant stops responding or tools fail.

Step‑by‑step – run a full diagnostic:

  1. In Caido, open Drift plugin settings.
  2. Click “Run Health Check”. It tests:
    • MCP server connectivity (localhost:port)
    • Each of the 4 AI CLI backends (Claude Code, Gemini, Codex, Copilot) for availability
    • Permissions for reading Caido’s internal databases (history, scope, environments)
    • SQLite write access for findings persistence
  3. If the health check passes but Claude Code fails to resume a session, enable the “Session Resume” toggle in Drift config. It saves the conversation history locally so you can close and reopen Caido without losing context. Treat that history as engagement data: it contains whatever requests and responses the assistant discussed, so check how it is protected at rest before relying on it and delete it when the engagement ends.
  4. Generate a diagnostics bundle: click “Export Bundle” – a zip file containing sanitized logs (no request/response bodies, only metadata). Look through the bundle for hostnames and paths you are not allowed to disclose before sharing it with the developer on GitHub issues.

Linux commands to manually verify the MCP server is listening (the port is shown in Drift’s settings; substitute it for PORT):

ss -tlnp | grep ":PORT"   # should show a listener bound to 127.0.0.1, not 0.0.0.0 or *

Windows (PowerShell):

Get-NetTCPConnection -LocalPort PORT -State Listen | Select-Object LocalAddress, State, OwningProcess

What Undercode Say:

  • Key Takeaway 1: Drift’s local‑first architecture (no extra API keys, no new cloud service, a localhost MCP transport) removes the usual integration tax from AI‑assisted web testing. The data boundary it leaves you with is the CLI vendor you already trust with your code; decide what the assistant may read with that in mind. The approval gates and sanitized rendering are practical defenses against prompt injection and XSS in LLM tool use.
  • Key Takeaway 2: With 18 MCP tools and 7 cookbook recipes, Drift lowers the barrier for junior testers to execute advanced attacks like race conditions and IDOR, while giving seniors fine‑grained control through scope and intercept toggles. The session resume feature is a hidden gem for long‑duration engagements.

Analysis: The threat model documented in `SECURITY.md` is refreshingly honest – it acknowledges that the AI CLI itself may have vulnerabilities, but Drift isolates Caido’s session data. Penetration testers should still rotate their AI CLI authentication tokens after each engagement, as Drift doesn’t sandbox the AI’s ability to read those local tokens. The experimental support for Gemini and Codex CLIs is promising; expect rapid improvements once feedback rolls in. For red teams, Drift transforms Caido from a manual proxy into an autonomous assistant that can run overnight validation of parameter pollution, race conditions, and misconfigured cloud endpoints.

Prediction:

Within 12 months, local‑first AI security assistants like Drift will become the default for any serious web penetration testing engagement. Cloud‑based LLM integrations that upload HTTP traffic will be relegated to low‑risk, internal‑only testing. We’ll see forks that add support for local models (Ollama, LLaMA) and real‑time traffic mutation using AI‑generated fuzzing payloads. However, organizations will need to update their incident response playbooks to include “AI CLI log audits” – because even with no cloud, the local AI’s cache may retain sensitive request data. Expect Caido to officially bundle Drift by Q4 2026, and Burp Suite to release a competitive (but likely cloud‑connected) alternative. The future is an AI that works offline, on your hardware, without trusting a third party with your active breach data.

Reported By: Alexisfdezfdez Shipped – Hackers Feeds