It’s able to do this by filtering data, stopping it and allowing the user to edit it before it is forwarded. Achilles takes turns in masking itself as either the client or the server during a transfer, depending on which way the data stream points.
Basic and straightforward interface
Achilles displays a simple interface which can be characterized as old fashioned, after all, the app hasn’t been updated in a very long time. The application is comprised from a single window where you can set the port number on which you want to listen, as well as the client and server timeout duration.
Apart from that, Achilles also allows you to enable or disable ‘Interception mode’ and choose whether you want to ambush client or server data.
Two operation modes
Achilles enables you to test security by using two modes, intercept and non-intercept. The latter makes the application play the role of a standard proxy while the other will allow you to hijack information. While intercept mode is active, you are free to store, modify and log any data that is exchanged during the SSL session.
A downside to using Achilles is that you have high chances of facing situations where a web page will not load. This is however generally easy to solve by simply increasing the timeout value.
Test web application security
To wrap it up, Achilles does seem to be a handy tool but since it hasn’t been updated in a very long time, it doesn’t verify server certificates or support host restrictions.
Reviewed by Alexandru Chirila, last updated on April 24th, 2014
In a hurry? Add it to your Download Basket!
- Changed window from dialog box to window so it's now resizable
- Much improved performance in intercept mode when Intercept Server Data is not checked
- Added client log and server log windows. This may do away with the log to text file. In future
Application descriptionAchilles is a tool that gives a user the possibility to intercept, log, and modify web traffic on the fly. Achilles is...