Eliminate: ISP Injects Pages with Iframe Script for Ads

Question

So my ISP (Smartfren; Indonesia) has decided to start injecting all non-SSL pages with an iframing script that allows them to insert ads into pages. Here's what's happening:

1. My browser sends a request to the server. ISP intercepts it and instead returns a javascript that loads the requested page inside an iframe.

2. Aside being annoying in principle, this injection also breaks any number of standard page functionality; and presents possible security hazards.

What I've tried to do so far:

1. Using a GreaseMonkey script to nix away the injected code and redirect to the original URL. Result: Breaks some legitimate iframes. Also, the ISP's code gets executed, because GreaseMonkey only kicks in after the page is loaded.

2. Using Privoxy for a local proxy and setting up a filter to clean up the injection and replace it with a plain javascript redirect to the original URL. Result: Breaks some legitimate iframes. ISP's code never gets to the browser.

You can view the GreaseMonkey and Privoxy fixes I've been working on at the following paste: http://pastebin.com/sKQTvgY2 ... along with a sample of the ISP's injection.

Ideally I could configure Privoxy to immediately resend the request when the alteration is detected, instead of filtering out the injected JS and replacing it with a JS redirection to the original URL. (The ISP-injection gets switched off when the same request is resent without delay.) I'm yet to figure out how to accomplish that. I believe it'd fix the iframe-breaking problem.

I know I could switch to a VPN or use the Tor browser. (Or change the ISP.) I'm hoping there's another way around. Any suggestions on how to eliminate this nuisance?

Answer 1

Actually now I have a solution: The ISP proxy react on the Accept: header that the browser sends.

So this is the default for firefox:

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8

Now we are going to change this default:

And set it to: Accept: */*

Here is how to setup header hacker for google chrome

Set the title to anything you like:NO IFRAME

Append/replace select replace with

String */*

And Match string to .* and then click add.

In the permanent header switches Set domain to .* and select the rule you just created

PS: changing it in the firefox settings does not work 100% because some request like ajax seem to bypass it so a plugin is the only way as it literally intercepts every outgoing browser request

That's it no more iframes!!!

Hope this helps!

Answer 2

UPDATE: Use DNSCrypt is the best solution 😁

OLD ANSWER Im using this method

1. Find resource that contain iframe code (use chrome dev tool)
2. Block the url with proxy or host file

I'm using linux, so i edited my hosts file on /etc/hosts Example :

127.0.0.1 ibnads.xl.co.id