Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secret
Demo of off-path TCP exploit for Windows 10 Pro:
Windows 10 Pro version 1709
Chrome version 64.0.3282.140
www.cnn.com uses HTTPS but unfortunately not HSTS. When a user types www.cnn.com, the browser's initial request for the main page is still sent over HTTP, and we can already inject a fake reply to it. The real server's subsequent redirection to HTTPS will not take effect.
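To check whether a site leaves that first request in cleartext, the following added example (not part of the original demo) models how a browser decides the scheme for a typed host name from the Strict-Transport-Security headers it has seen. The host names, header values and the `HstsStore` class are constructed for illustration, and the model is a simplification of RFC 6797.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    seen = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if not name:
            continue                      # empty directive, allowed
        if name in seen:
            return None                   # duplicate directive invalidates header
        seen[name] = arg
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                       # max-age is mandatory
    return int(seen["max-age"]), "includesubdomains" in seen

class HstsStore:
    """Simplified model of a browser's known-HSTS-host table (hypothetical)."""
    def __init__(self):
        self.hosts = {}                   # host -> (expiry, include_subdomains)

    def note_response(self, host, scheme, headers, now):
        # The header only counts when it arrives over HTTPS.
        if scheme != "https":
            return
        policy = parse_hsts(headers.get("strict-transport-security", ""))
        if policy is None:
            return
        max_age, subs = policy
        if max_age == 0:
            self.hosts.pop(host.lower(), None)   # max-age=0 removes the entry
        else:
            self.hosts[host.lower()] = (now + max_age, subs)

    def first_request_scheme(self, typed_host, now):
        """Scheme used when the user types a bare host name."""
        labels = typed_host.lower().split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return "https"
        return "http"                     # cleartext first request

def demo():
    store = HstsStore()
    # Constructed hosts and headers, not captured traffic.
    store.note_response("nohsts.example", "https", {}, now=0)
    store.note_response("hsts.example", "https",
        {"strict-transport-security": "max-age=31536000; includeSubDomains"}, now=0)
    hosts = ("nohsts.example", "hsts.example", "www.hsts.example")
    return [(h, store.first_request_scheme(h, now=10)) for h in hosts]
```

Even with the header in place, the very first visit to a host still goes out over HTTP unless the host is on the browser's HSTS preload list.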
Demo of off-path TCP exploit for macOS:
macOS version 10.13.1
Chrome version 64.0.3282.140