It's all about how apparent the issue is if you're running Wireshark - it does not stand out, so you have to do a lot more work to discover what is actually happening. The request is also hidden in plain sight alongside other requests, and those requests are what you'd expect (you'd normally expect a motd request, so this isn't out of place). Given that the way of circumventing the issue at hand is to delete a single local file, which is far simpler than finding the actual request and setting up Fiddler or Burp Suite, this worked well enough.
No need to overengineer.