So, my ISP (Smartfren; Indonesia) decided to start entering all pages without SSL with an iframing script, which allows them to insert ads on the pages. Here's what happens:
My browser sends a request to the server. The ISP intercepts it and instead returns JavaScript that loads the requested page inside an iframe.
Besides being annoying in principle, this injection also violates any number of standard page functions, and poses potential security threats.
What I tried to do so far:
Using a GreaseMonkey script to remove the entered code and redirect to the source URL. Result: interrupts some legitimate iframes. In addition, the ISP code runs because GreaseMonkey only runs after the page loads.
Using Privoxy for the local proxy server and setting up a filter to clear the injection and replace it with a simple JavaScript redirect to the original URL. Result: interrupts some legitimate iframes. Provider code never hits the browser.
You can view the GreaseMonkey and Privoxy fixes I worked on with the following paste: http://pastebin.com/sKQTvgY2 ... along with an ISP injection sample.
Privoxy , JS JS URL. (ISP- , .) , . , iframe-break.
, VPN Tor. ( ISP.) , . , ?
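The following is an added example, not part of the original post: a proxy-side check that flags a response only when it is a near-empty page that frames the very URL that was requested, so ordinary iframes are left alone. The sample bodies are constructed (the real injection sample is in the linked paste and is not reproduced here), the function names are hypothetical, and ignoring the query string when comparing URLs is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FrameScan(HTMLParser):
    """Collect iframe targets, inline script text and the amount of visible text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.iframes, self.inline_js, self.text_len = [], "", 0
        self._stack = []  # currently open <script>/<style>/<title> elements

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "iframe" and attrs.get("src"):
            self.iframes.append(attrs["src"])
        if tag in ("script", "style", "title"):
            self._stack.append(tag)

    def handle_endtag(self, tag):
        if self._stack and self._stack[-1] == tag:
            self._stack.pop()

    def handle_data(self, data):
        if not self._stack:
            self.text_len += len(data.strip())   # text a user would see
        elif self._stack[-1] == "script":
            self.inline_js += data               # script body, kept for inspection

def same_resource(a, b):
    """Compare scheme, host and path; query and fragment are ignored (assumption)."""
    pa, pb = urlsplit(a), urlsplit(b)
    return (pa.scheme, pa.netloc.lower(), pa.path or "/") == \
           (pb.scheme, pb.netloc.lower(), pb.path or "/")

def is_self_framing_wrapper(requested_url, body, max_text=40):
    """True if body shows almost no text and frames the URL that was requested."""
    scan = FrameScan()
    scan.feed(body)
    scan.close()
    framed_self = any(same_resource(urljoin(requested_url, src), requested_url)
                      for src in scan.iframes)
    scripted = requested_url in scan.inline_js and "iframe" in scan.inline_js.lower()
    return scan.text_len <= max_text and (framed_self or scripted)

# Constructed sample bodies, not captured traffic.
URL = "http://example.com/news"
WRAPPER_STATIC = ('<html><head><script src="http://ads.example.invalid/a.js"></script></head>'
                  '<body><iframe src="http://example.com/news?x=1"></iframe></body></html>')
WRAPPER_SCRIPT = ('<html><body><script>var f=document.createElement("iframe");'
                  'f.src="http://example.com/news";document.body.appendChild(f);</script></body></html>')
LEGIT_EMBED = ('<html><body><h1>Weekly news</h1><p>Article text that is long enough to read.</p>'
               '<iframe src="https://video.example.net/embed/1"></iframe></body></html>')
LEGIT_SAME_HOST = '<html><body><iframe src="/widgets/map"></iframe></body></html>'
```

Only a response for which `is_self_framing_wrapper` returns true would be rewritten or re-requested; everything else passes through unchanged.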