Hi, I have used the Achilles proxy server security tool and found it is very effective in modifying the HTTP requests and repsonses between the client and server on the fly thus acting as a middle-man-attacker. I have tested it on a test machine and configured my I.E. to use the port the proxy server (Achilles) listens to. I found that my webapp is susceptible to this kind of an attack, but my question is how can this be exploited on an external network since I.E. will require manual config for use of such a proxy server. Is there some other tool available, something like a [sniffer+request modifier], which can be deployed on any network or remotely and needs no manual config of the browser? Somehting which the end user will be completely unaware of if used? Thanks!