Achilles
Achilles is one of the most unstable but
remarkably powerful Web hacking tools available for Windows. It acts like a Web
proxy, capturing information being sent back to the Web server and then
allowing the user to manipulate that information and send it to the server. This
ability to modify on the fly what the user's browser is sending to the Web
server allows an attacker to make various nefarious attempts, including SQL
injection and impersonation.
Achilles contains the following features:
• Proxy server (port configurable)
• HTTP and SSL interception
• Insert/alter data in HTTP stream
• Recalculation of the required HTTP fields
• Buffer overflow testing
• Log of HTTP and SSL sessions
The main features that we demonstrate here
are HTTP and SSL interception and altering of data, by far the largest
components of Achilles. Figure 15-11 illustrates the process.
Figure 15-11. Achilles interception of data
To use Achilles, we must start the application and then check
these options:
• Intercept Mode ON
• Intercept Client Data
Once we have selected them, we simply hit the Start button.
But before we can use Achilles to proxy our connections through to the Internet
and the Web site being tested, we must configure our Internet browser to use
the Achilles proxy server. By default, the Achilles proxy runs on port 5000, so
to enable our Internet Explorer browser to use this port for proxying, we
follow these steps:
1. From the menu, select Tools->Internet Options.
2. Select the Connections tab.
3. Select the LAN Settings button.
4. Check the Use a proxy server for your LAN... box, in the Proxy Server
group.
5. In the Address field, type in the localhost address: 127.0.0.1.
6. In the Port field, type in the default Achilles port: 5000 (or whatever
you set up Achilles for).
Once we've set up the browser, we begin surfing the Web
through Achilles and observe every request sent to the target server. For
example, Figure 15-12 illustrates how a GET request was
made to the target and displays the header fields.
Figure 15-12. Achilles interception of a GET request
We've sent a GET request to the target Web
server, and Achilles has intercepted it. Now we must hit the Send button at the
bottom left to send the request as it is in the window to the target Web
server. If we wanted to modify the window in any way, we would simply change
the information in it and then hit Send.
In addition to client data interception,
Achilles also offers the ability to capture server data. We just click in the
Intercept Server Data (text) checkbox and make a request of the server. Not only
does the client's request get intercepted, but so too does the server's reply. The
server's response isn't critical to Web assessment, but it can be helpful in
understanding the cookies being set and general state management attempts made
by the Web server.
Unfortunately, Achilles can't tell us which
part of the request or response we're viewing in the edit box. In other words,
what we see in the edit box may be a request sent from our browser to the Web
server or a response from the Web server to our browser. An understanding of
this sequence (as detailed in Chapter 4) is
essential to effective Achilles use.
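The following Python is an added illustration, not code from Achilles or from the original text. It shows how the start line tells a captured request from a response, and why a hand-edited body needs the "Recalculation of the required HTTP fields" listed above. The function names, the sample host www.example.com and the sample messages are constructed, and only fixed-length bodies are handled (no chunked encoding).

```python
import re

# Start-line shapes in HTTP/1.x: a request begins "METHOD target HTTP/x.y",
# a response begins "HTTP/x.y status-code reason".
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/\d\.\d$")
STATUS_LINE = re.compile(rb"^HTTP/\d\.\d \d{3}( .*)?$")


def classify(raw: bytes) -> str:
    """Return 'request', 'response' or 'unknown' for a captured HTTP message."""
    start_line = raw.split(b"\r\n", 1)[0]
    if STATUS_LINE.match(start_line):
        return "response"
    if REQUEST_LINE.match(start_line):
        return "request"
    return "unknown"


def recalc_content_length(raw: bytes) -> bytes:
    """Rewrite Content-Length so it matches the body actually present."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line separating headers from body")
    lines = head.split(b"\r\n")
    start, headers = lines[0], lines[1:]
    had_length = any(h.lower().startswith(b"content-length:") for h in headers)
    headers = [h for h in headers if not h.lower().startswith(b"content-length:")]
    # A bodiless message that never declared a length (a plain GET) is left alone.
    if body or had_length:
        headers.append(b"Content-Length: " + str(len(body)).encode())
    return b"\r\n".join([start] + headers) + sep + body


# Constructed samples: a form POST as captured, the same POST after a manual
# edit in the proxy window, and a server reply that sets a cookie.
CAPTURED = (b"POST /login HTTP/1.0\r\nHost: www.example.com\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: 22\r\n\r\nuser=alice&item=book-1")
EDITED = CAPTURED.replace(b"book-1", b"book-1001")  # body grew by 3 bytes
REPLY = b"HTTP/1.0 200 OK\r\nSet-Cookie: sid=constructed\r\n\r\n"

if __name__ == "__main__":
    print(classify(CAPTURED), classify(REPLY))
    print(recalc_content_length(EDITED).decode())
```

Without the recalculation, the edited POST would still declare 22 bytes while carrying 25, and a server honouring the header would read a truncated body.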
An example of Achilles in action is presented
next, in conjunction with Cookie Pal. For more information on
impersonation, see Chapter 13.