I wonder if KRACK could be used for bandwidth leeching?

It would work like a side tap to the connection of the authenticated WPA2 client.

1) Use KRACK to get a MITM position.
2) Inject packets...