Beware !! Vodafone’s spying on you


Today, while surfing on Twitter, I noticed Brute Logic’s Tweet about the JS event handler “onbeforescriptexecute”, which makes a tag execute JS right before every tag on the page starts execution.

I followed the link provided in the tweet anticipating that only one alert will be there because of the tag that is already in the page, but I was surprised to see that actually two alert boxes appeared.

I inspected the source code of the page, and was thrilled to see a completely new tag there, which was not there in the first place on the page, neither was it injected in the payload. See the following screenshot:

After some research on Google, I found out that the script gets injected by my ISP, Vodafone. This means that they are intercepting and eavesdropping on EVERY request I make to EVERY page that doesn’t use HTTPS as protocol, and of course EVERYONE else’s requests as well.

The script basically replaces all the images in a given page with low quality ones, saving bandwidth for Vodafone, and giving them the opportunity to inspect every request issued by the devices connected to them.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s