Vodafone Spain using inline page injection?

Sam Nazarko has written a blog post about how he discovered that Vodafone in Spain is injecting JavaScript into every web page he browses:

I’ve started noticing requests to ’′. Seeing as most ISPs use this IP internally, I thought I’d check out what’s going on.

No response to ping, and HTTP requests to that page will return a 500 status code. However I noticed this nasty:

<script src="" language="javascript"></script>

This script is injected in to every HTTP page I request. When I request this web page, the server responds, identifying itself as WebProxy 6.0


For Vodafone to do this, they must be running a transparent HTTP proxy. This likely infers they are sniffing HTTP traffic for other purposes.  It paves the way for deep packet inspection (DPI), much the same way that having a national web filter does. Vodafone can then implement infrastructure that allows the interception and modification of web pages in real time under the guise that this will deliver a better user experience.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.