Yes, the Finished message sent in both directions authenticates every byte of the previous handshake messages; both peers remember the messages they've sent, and compare them against a hash received from the other peer.

Additionally, even if the SNI extension was not protected against modification, the server would still have to provide a certificate that's valid for the original domain, because even though you can modify network traffic, you cannot modify what the client already knows internally (and will validate received certificates against).