Achilles

From ChekMate Security Group

Achilles is a tool designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.

Contents

[edit]

Current Limitations

  • Achilles does not verify any web servers' certificates. Serving as a man-in-the-middle, Achilles is vulnerable to man-in-the-middle attacks.
  • The current version of Achilles doesn't support host restrictions, so any user with access to the port Achilles is running on can use it as a proxy.
  • Even though Achilles can function as a proxy server, it is highly discouraged to be used as such when not testing web applications.
[edit]

System Requirements:

  • OS: Windows NT, Windows 2000, and Windows 98
[edit]

Features:

  • Full Featured Desktop Proxy Server
  • Intercepts bi-directional HTTP and SSL sessions
  • Logs HTTP and SSL sessions in plain text
  • Inserts data into an editor box allowing alteration
  • Configurable Listening Port
  • Configurable Timeout Values
  • Recalculates Content-Length Fields after data modification
  • Additional buffer space allows buffer overflow testing, up to a maximum of 10,000 bytes
[edit]

References

Due to a cyber squatter, Achilles is no longer online at its original home of www . Digizen-Security . com

Created and released by Robert Cardona of Systegra on Oct 13, 2000. Concept by David Rhoades of Maven Security.

[edit]

Download

Be sure to confirm the MD5 checksum. (MD5 checksum tools for Windows can be found here and here.)

Achilles v0.27 achilles-0-27.zip (MD5: 53c77733109f3d7b33a5143703e8cf05)

Note: If you get a different checksum value, try downloading again. Alternatively, try another browser.

[edit]

Installation

Unzip the download file to any directory (c:\any-directory).

[edit]

Starting Achilles

  1. From windows explorer, navigate to “c:\any-directory” and double click Achilles.exe.
  2. Select intercept mode and intercept client data, and then press the start button to begin.
[edit]

Configuring the Web Browser

The browser must be configured to use a proxy server.

[edit]

Microsoft Internet Explorer Setup

Click Tools --> Internet Options --> Connections -->

If using a dial-up connection, in dialup settings click ‘settings’
If using a local area network click ‘LAN Settings’

Then select Proxy Server, Use Proxy Server—> Advanced and type in 127.0.0.1 for proxy address and 5000 or other configured port (in Achilles port field) for port in the HTTP and Secure boxes only.

[edit]

Netscape Navigator Setup

Click Ed--> Preference--> Advance--> Proxy--> Manual Proxy Configuration --> View

type in 127.0.0.1 for proxy address and 5000 or other configured port
(in Achilles port field) for port in the HTTP and Secure boxes only.
[edit]

Using Achilles

Achilles operates in two modes; non-intercept mode and intercept mode. In non-intercept mode Achilles operates like a standard proxy. In intercept mode Achilles will act as a man-in-the-middle. Intercept mode must be set in order to capture, alter, and log any data during an SSL session. In order to switch between intercept and non-intercept mode, the proxy must be stopped and restarted.

[edit]

Intercept Mode

Note that a considerable performance hit will be suffered while in intercept mode. While in this mode the server and client timeouts are used. In the event of a web page not fully loading or an error is received, it is very possible that the server timeout is too low. This is common when visiting a web page and submitting a form that requires heavy processing at the server’s end, resulting in a lengthy wait. In the event of a timeout, just set the timeout to a higher value, reload the page and change the timeout back to a more efficient value. Only text and html content will be brought up to the edit window for modification.

Note: While in intercept mode, the client browser will pop-up security alerts concerning the servers certificate. Click OK/Continue to continue with the session (NOTE: The web server’s certificate is not being authenticated, making the client web browser vulnerable to man-in-the-middle attacks, so proceed with caution).

[edit]

Non-Intercept Mode

While in non-intercept mode, Achilles will act as a normal proxy. Only a slight performance hit should be noticed. While Achilles is in non-intercept mode timeouts are ignored. At any time during a session, the proxy can be stopped, and switched over to intercept mode and then restarted.

[edit]

Listening Port

The listening port is the port that the proxy server is listening on. This is the port that the web browser must be instructed to use.

[edit]

Cert File

The certificate is required for the client SSL connection to the proxy during intercept mode. A dummy certificate (sample.pem) has been provided. To create a new certificate, download OPENSSL (www.openssl.org) and follow their instructions for installation.

Modify the configuration file openssl.cnf and execute (in windows):

‘openssl req -new -x509 -nodes -out certfile.pem -keyout certfile.pem -days 999 -config openssl.cnf’.
Retrieved from "http://www.chekmate.org//wiki/index.php/Achilles"