What happens when Android, at boot, contacts www.google.com with a PROBE_DNS
(ipv6.addr == 2a00:1450:400e:808::2004) || (ipv6.addr == 2a00:1450:400e:800::2004)
TCP payload: 233 bytes, and 356 bytes back
Override the lookup
Don't respond on HTTPS
23:42:19.103379 IP 192.168.11.131.49186 > 192.168.11.1.80: Flags [P.], seq 1:213, ack 1, win 343, options [nop,nop,TS val 4294900183 ecr 20084415], length 212: HTTP: GET /gen_204 HTTP/1.1
E...Y&@.@.H..........".P.E...Fg....W.I..... .....2v.GET /gen_204 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36
Host: www.google.com
Connection: Keep-Alive
Accept-Encoding: gzip

HTTP/2 204 No Content
content-type: text/html; charset=UTF-8
date: Thu, 04 Jun 2020 23:26:41 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: 1P_JAR=2020-06-04-23; expires=Sat, 04-Jul-2020 23:26:41 GMT; path=/; domain=.google.com; Secure; SameSite=none
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
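
The two notes above (override the lookup, don't respond on HTTPS) amount to pointing www.google.com at a lab host that answers the probe over plain HTTP only. A minimal responder for that setup follows as an added example, not code from the original page. The function names, bind address and port 8080 are assumptions; in the capture above the probe went to 192.168.11.1 port 80.

```python
"""Lab responder for the /gen_204 probe (added example; names are assumptions)."""
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE_PATH = "/gen_204"          # path seen in the captured request
PROBE_HOST = "www.google.com"    # Host header seen in the captured request


def probe_reply(method, path, host):
    """Return (status, headers) for one request; pure so it can be tested."""
    host = (host or "").split(":")[0].lower()   # drop an optional :port
    path = path.split("?", 1)[0]                # ignore any query string
    if method == "GET" and path == PROBE_PATH and host == PROBE_HOST:
        # Same status and empty body as the captured reply, but no Set-Cookie.
        # The captured reply carried content-length: 0; RFC 7230 says a 204
        # should not carry Content-Length, so it is left out here.
        return 204, {}
    return 404, {"Content-Length": "0"}


class ProbeHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, headers = probe_reply("GET", self.path, self.headers.get("Host"))
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()

    def log_message(self, fmt, *args):
        # One line per request: which device asked, and what was answered.
        print("%s %s" % (self.client_address[0], fmt % args))


def serve(bind="127.0.0.1", port=8080):
    """Plain HTTP only: no TLS listener is created, so nothing answers on 443.

    On the lab gateway, bind to its LAN address and port 80 (needs privileges).
    """
    HTTPServer((bind, port), ProbeHandler).serve_forever()


if __name__ == "__main__":
    serve()
```
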