
What happens when Android boot contacts www.google.com with a PROBE_DNS

Display filter: (ipv6.addr == 2a00:1450:400e:808::2004) || (ipv6.addr == 2a00:1450:400e:800::2004)

TCP payload: 233 bytes sent, 356 bytes back

Override the lookup

Don't respond on HTTPS

logcat

23:42:19.103379 IP 192.168.11.131.49186 > 192.168.11.1.80: Flags [P.], seq 1:213, ack 1, win 343, options [nop,nop,TS val 4294900183 ecr 20084415], length 212: HTTP: GET /gen_204 HTTP/1.1
E...Y&@.@.H..........".P.E...Fg....W.I.....
.....2v.GET /gen_204 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36
Host: www.google.com
Connection: Keep-Alive
Accept-Encoding: gzip

 

HTTP/2 204 No Content
content-type: text/html; charset=UTF-8
date: Thu, 04 Jun 2020 23:26:41 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: 1P_JAR=2020-06-04-23; expires=Sat, 04-Jul-2020 23:26:41 GMT; path=/; domain=.google.com; Secure; SameSite=none
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
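
Added example, not part of the original notes: a check over tcpdump -A text that flags /gen_204 probes for www.google.com delivered to a non-global address, as in the capture above where the request goes to 192.168.11.1 port 80. The function names, the abridged first record and the second sample record are constructed for illustration, and treating a non-global destination as an overridden lookup is a heuristic assumed here.

```python
import ipaddress
import re

# tcpdump -A header line for a packet that carries an HTTP GET
PKT = re.compile(r"IP6? (\S+) > (\S+): .*HTTP: GET (\S+) HTTP/")

# First record is abridged from the capture on this page; the second is a
# constructed contrast case aimed at one of the IPv6 addresses in the filter.
SAMPLE = """\
23:42:19.103379 IP 192.168.11.131.49186 > 192.168.11.1.80: Flags [P.], seq 1:213, ack 1, win 343, length 212: HTTP: GET /gen_204 HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
23:42:25.000000 IP6 fd00::131.49190 > 2a00:1450:400e:808::2004.80: Flags [P.], seq 1:213, ack 1, win 343, length 212: HTTP: GET /gen_204 HTTP/1.1
Host: www.google.com
"""


def split_endpoint(endpoint):
    """tcpdump prints address.port; the port follows the last dot."""
    addr, port = endpoint.rsplit(".", 1)
    return ipaddress.ip_address(addr), int(port)


def redirected_probes(capture, probe_host="www.google.com", probe_path="/gen_204"):
    """Return (src, dst, port) for probes that were sent to a non-global address."""
    hits, current = [], None
    for line in capture.splitlines():
        m = PKT.search(line)
        if m:
            dst, port = split_endpoint(m.group(2))
            current = {"src": m.group(1), "dst": str(dst), "port": port,
                       "path": m.group(3), "local": not dst.is_global}
        elif current and line.lower().startswith("host:"):
            host = line.split(":", 1)[1].strip()
            # Heuristic: a public probe host answered from a non-global address
            if host == probe_host and current["path"] == probe_path and current["local"]:
                hits.append((current["src"], current["dst"], current["port"]))
            current = None
    return hits


if __name__ == "__main__":
    for src, dst, port in redirected_probes(SAMPLE):
        print(f"{src} sent the www.google.com probe to {dst}:{port}")
```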