Achilles is a testing tool for web-based applications. It is a proxy server that sits between a client browser and a web server during an HTTP session, intercepting the data and decrypting it so the user can log it.
It does this by filtering the data, holding it and allowing the user to edit it before it is forwarded. Achilles alternates between posing as the client and as the server during a transfer, depending on the direction of the data stream.
Basic and straightforward interface
Achilles displays a simple interface that can be characterized as old-fashioned; after all, the app hasn’t been updated in a very long time. The application consists of a single window where you can set the port number on which you want to listen, as well as the client and server timeout durations.
Apart from that, Achilles also allows you to enable or disable ‘Interception mode’ and choose whether you want to intercept client or server data.
Two operation modes
Achilles enables you to test security using two modes, intercept and non-intercept. In non-intercept mode the application plays the role of a standard proxy, while intercept mode allows you to hijack the information passing through it. While intercept mode is active, you are free to store, modify and log any data that is exchanged during the SSL session.
A downside to using Achilles is that you are likely to run into situations where a web page will not load. This is generally easy to solve, however, by increasing the timeout value.
Test web application security
To wrap it up, Achilles does seem to be a handy tool, but since it hasn’t been updated in a very long time, it doesn’t verify server certificates or support host restrictions.