Spoof browser update check with wireshark?

Discussion in '3DS - Homebrew Development and Emulators' started by darknezz19, Oct 28, 2015.

  1. darknezz19
    OP

    darknezz19 Advanced Member

    Newcomer
    53
    11
    Oct 27, 2015
    United States
  2. liljon042

    liljon042 GBAtemp Regular

    Member
    142
    59
    Oct 26, 2015
    United States
  3. GamerB

    GamerB GBAtemp Regular

    Member
    103
    13
    Oct 26, 2015
    Canada
    With my Primal Kyogre in the sea
    Weeeell i doesn´t stand this xDD
     
  4. robot56

    robot56 Advanced Member

    Newcomer
    94
    31
    Sep 13, 2015
    United States
    Sure you could spoof it, but the point that's being missed here is that the connection is being made over TLS and not normal HTTP. The handshake would be invalidated if the request was redirected elsewhere and you can't anyway as the actual endpoint is cryptography signed - that means that you can't do simple redirects from /test to /test2 (you never know where the traffic is going) without the server returning an encrypted HTTP header with the "Location" field.

    This issue much broader than the 3DS and unless there's a flaw discovered with the implementation, you're SOL with an MITM attack.
     
    darknezz19 likes this.