Achilles

Achilles

Achilles is one of the most unstable but remarkably powerful Web hacking tools available for Windows. It acts like a Web proxy, capturing information being sent back to the Web server and then allowing the user to manipulate that information and send it to the server. This ability to modify on the fly what the user's browser is sending to the Web server allows an attacker to attempt various nefarious attempts, including SQL injection and impersonation.

Achilles contains the following features:

         Proxy server (port configurable)

         HTTP and SSL interception

         Insert/alter data in HTTP stream

         Recalculation of the required HTTP fields

         Buffer overflow testing

         Log of HTTP and SSL sessions

The main features that we demonstrate here are HTTP and SSL interception and altering of data by far the largest components of Achilles. Figure 15-11 illustrates the process.

Figure 15-11. Achilles interception of data

To use Achilles, we must start the application and then check these options:

         Intercept Mode ON

         Intercept Client Data

Once we have selected them, we simply hit the Start button. But before we can use Achilles to proxy our connections through to the Internet and the Web site being tested, we must configure our Internet browser to use the Achilles proxy server. By default, the Achilles proxy runs on port 5000, so to enable our Internet Explorer browser to use this port for proxying, we follow these steps:

1.       From the menu, select Tools->Internet Options.

2.       Select the Connections tab.

3.       Select the LAN Settings button.

4.       Check the Use a proxy server for your LAN box, in the Proxy Server group.

5.       In the Address field, type in the localhost address: 127.0.0.1.

6.       In the Port field, type in the default Achilles port: 5000 (or whatever you setup Achilles for).

Once we've set up the browser, we begin surfing the Web through Achilles and observe every request sent to the target server. For example, Figure 15-12 illustrates how a GET request was made to the target and displays the header fields.

Figure 15-12. Achilles interception of a GET request

We've sent a GET request to the target Web server, and Achilles has intercepted it. Now we must hit the Send button at the bottom left to send the request as it is in the window to the target Web server. If we wanted to modify the window in any way, we would simply change the information in it and then hit Send.

In addition to client data interception, Achilles also offers the ability to capture server data. We just click in the Intercept Server Data(text) checkbox and make a request of the server. Not only does the client's request get intercepted, but so too does the server's reply. The server's response isn't critical to Web assessment, but it can be helpful in understanding the cookies being set and general state management attempts made by the Web server.

Unfortunately, Achilles can't tell us which part of the request or response we're viewing in the edit box. In other words, what we see in the edit box may be a request sent from our browser to the Web server or a response from the Web server to our browser. An understanding of this sequence (as detailed in Chapter 4) is essential to effective Achilles use.

An example of Achilles in action is presented next, in conjunction with Cookie Pal. For more information on impersonation, see Chapter 13.