Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secret

Demo of off-path TCP exploit for Windows 10 Pro:

Windows 10 Pro version 1709

Chrome version 64.0.3282.140 uses HTTPS but unfortunately not HSTS. When an user types, its initial request to the main page is still HTTP (for which we can inject a fake reply already). The real server's subsequent redirection to HTTPS will not take effect.

Demo of off-path TCP exploit for macOS:

macOS version 10.13.1

Chrome version 64.0.3282.140