Cawght
Browser Extension — Chrome & Firefox

Does your app enforce its own rules?

Cawght understands how your app works, generates adversarial test scenarios, executes them, and tells you where the business logic breaks.

Traditional scanners can't catch this

Tools like Snyk and Burp Suite catch XSS and SQL injection — but they don't know that your discount code should only work once, or that only admins can delete posts. Business logic flaws require understanding what the feature is supposed to do.

How it works

01. Install the browser extension

Add Cawght to Chrome or Firefox. Sign in with Google and you're ready to go.

02. Use your app normally

Open the side panel, click Start, and use the feature you want to test. Cawght observes how your application behaves.

03. AI generates attack scenarios

Cawght analyzes your application and generates adversarial test scenarios — can a coupon be reused? Can a regular user access admin features? Can boundaries be bypassed?

04. Review, execute, get findings

Review the scenarios, approve or skip, then execute. Cawght runs the tests, evaluates the results, and shows you exactly where business rules break — with evidence.

What Cawght tests

Privilege Escalation

Can a regular user do admin-only actions?

IDOR

Can one user access another's data by changing an ID?

Race Condition

Can limits be bypassed via concurrent requests?

Boundary Violation

Can numerical boundaries be violated?

Parameter Tampering

Can request params like price or role be changed?

State Manipulation

Can workflow steps be skipped?

Get started in 30 seconds

1. Download the extension from the Chrome Web Store (or load unpacked for development)

2. Enter your Gemini API key (free from Google AI Studio)

3. Navigate to your app, start a scan, and test

No signup. No credit card. Bring your own API key.