Vodafone Spain using inline page injection?

Sam Nazarko has written a blog post about how he discovered that Vodafone in Spain is injecting JavaScript into every web page he browses:

I’ve started noticing requests to ’1.2.3.4′. Seeing as most ISPs use this IP internally, I thought I’d check out what’s going on.

No response to ping, and HTTP requests to that page will return a 500 status code. However I noticed this nasty:

<script src="http://1.2.3.4/bmi-int-js/bmi.js" language="javascript"></script>

This script is injected in to every HTTP page I request. When I request this web page, the server responds, identifying itself as WebProxy 6.0

(…)

For Vodafone to do this, they must be running a transparent HTTP proxy. This likely infers they are sniffing HTTP traffic for other purposes.  It paves the way for deep packet inspection (DPI), much the same way that having a national web filter does. Vodafone can then implement infrastructure that allows the interception and modification of web pages in real time under the guise that this will deliver a better user experience.

Leave a Reply

Your email address will not be published. Required fields are marked *

three × three =