Computer Security - Achilles

06-09-2005, 10:36 PM

Hi,

I have used the Achilles proxy server security tool and found it is
very effective in modifying the HTTP requests and repsonses between the
client and server on the fly thus acting as a middle-man-attacker. I
have tested it on a test machine and configured my I.E. to use the port
the proxy server (Achilles) listens to. I found that my webapp is
susceptible to this kind of an attack, but my question is how can this
be exploited on an external network since I.E. will require manual
config for use of such a proxy server. Is there some other tool
available, something like a [sniffer+request modifier], which can be
deployed on any network or remotely and needs no manual config of the
browser? Somehting which the end user will be completely unaware of if
used?

Thanks!

Clementine

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

06-09-2005, 10:36 PM	#1
	Achilles Hi, I have used the Achilles proxy server security tool and found it is very effective in modifying the HTTP requests and repsonses between the client and server on the fly thus acting as a middle-man-attacker. I have tested it on a test machine and configured my I.E. to use the port the proxy server (Achilles) listens to. I found that my webapp is susceptible to this kind of an attack, but my question is how can this be exploited on an external network since I.E. will require manual config for use of such a proxy server. Is there some other tool available, something like a [sniffer+request modifier], which can be deployed on any network or remotely and needs no manual config of the browser? Somehting which the end user will be completely unaware of if used? Thanks! Clementine