Credit:
The tool can be downloaded from:
http://www.digizen-security.com/downloads.html
The information has been provided by DigiZen Security Group.
Achilles is a tool designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.
Current Limitations:
- Achilles does not verify any web server's certificate. Acting as a man-in-the-middle, Achilles is itself vulnerable to man-in-the-middle attacks.
- The current version of Achilles doesn't support host restrictions, so any user with access to the port Achilles is running on can use it as a proxy.
- Even though Achilles can function as a proxy server, using it as one outside of web application testing is highly discouraged.
System Requirements:
- OS: Windows NT, Windows 2000, and Windows 98
Features:
- Full Featured Desktop Proxy Server
- Intercepts bi-directional HTTP and SSL sessions
- Logs HTTP and SSL sessions in plain text
- Inserts data into an editor box allowing alteration
- Configurable Listening Port
- Configurable Timeout Values
- Recalculates Content-Length Fields after data modification
- Additional buffer space allows buffer overflow testing, up to a maximum of 10,000 bytes
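
The Content-Length recalculation listed above, sketched as an added example (this is not Achilles code and does not come from DigiZen): after an intercepted message body is edited, every old Content-Length header is dropped and one correct value is written. The sample request, the host name `app.example.test` and the function names are constructed for illustration.

```python
# Added example: fix Content-Length after an intercepted HTTP/1.x body is edited.
CRLF = b"\r\n"

def replace_body(raw, new_body):
    """Return the raw message with its body swapped and Content-Length corrected."""
    head, sep, _old_body = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("no header/body separator found")
    lines = head.split(CRLF)
    start_line, headers = lines[0], lines[1:]
    kept = []
    for line in headers:
        name, _, value = line.partition(b":")
        lname = name.strip().lower()          # header names are case-insensitive
        if lname == b"transfer-encoding" and b"chunked" in value.lower():
            # Chunked bodies are framed per chunk; Content-Length does not apply.
            raise ValueError("chunked message: body must be re-chunked instead")
        if lname == b"content-length":
            continue                          # drop every copy; duplicates are ambiguous
        kept.append(line)
    had_length = len(kept) != len(headers)
    if new_body or had_length:
        kept.append(b"Content-Length: " + str(len(new_body)).encode("ascii"))
    return CRLF.join([start_line] + kept) + CRLF + CRLF + new_body

def declared_length(raw):
    """Return the Content-Length a message declares, or None if absent."""
    head = raw.partition(CRLF + CRLF)[0]
    for line in head.split(CRLF)[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return int(value.strip())
    return None

# Constructed sample request (18-byte body, lower-case header name on purpose).
SAMPLE = (b"POST /profile HTTP/1.1\r\n"
          b"Host: app.example.test\r\n"
          b"content-length: 18\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"\r\n"
          b"name=alice&note=hi")

# Edited body: the note field is lengthened to 100 bytes (16 + 100 = 116).
EDITED = replace_body(SAMPLE, b"name=alice&note=" + b"A" * 100)

if __name__ == "__main__":
    print(declared_length(SAMPLE), "->", declared_length(EDITED))
```

A stale Content-Length after editing makes the receiving server truncate the body or wait for bytes that never arrive, which is why the proxy has to rewrite the header before forwarding.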