¨Tool used to edit per-session cookies
¨A Web proxy
¨Attacker’s browser configured to send all HTTP and HTTPS data to Achilles
¨Web browser and proxy can run on same or different machines
¨Archilles allows attacker to edit all HTTP/HTTPS fields, per-session and persistent cookies, hidden form elements, and URLs.
¨Supports HTTPS connections
–one SSL connection set up between browser and Achilles
–Another SSL connection set up between Achilles and Web server