My Apartment Injects Javascript Into My Browsers

[schondie]

I don't know if anyone else has come up against this problem but the apartment I stay in during the week has injected a piece of javascript to redirect any site containing BT or torrent to Google. It's not just a blacklist of sites as when I go home at weekends, I still get redirected to Google. As I just want to read Torrentfreak occasionally as I do all my DL at home, I feel that this is a rather extreme measure (and possibly illegal as it interferes with my computer like a virus).

So far I have tried NoScript and various other add ons but this script somehow still gets through before I can block it. The only way I can reset set my computer is by using the clear all catagories in Options - Privacy and clearing all parts of FF.

Any ideas on how to block this script before it gets a chance to run?

[sulasno]

I would try connecting using a proxy

[schondie]

I've tried web based proxies, using FoxyProxy and Proxzilla but I'm currently running the browser in Sandboxie as all the other methods have failed. Whoever set up the Wifi has certainly done a "good" job! He or she has probably been trained by the Chinese government!

I'm quite savvy with computer workarounds but this one has me beaten (for now). I'm hoping the hive mind of TV can tell me how they've done it and what I can do to possibly block it.

Thanks for the comment though as it may help others with similar problems.

Inb4 - Try using 173.193.242.225 instead of www.torrentfreak.com - No good either. They've done a really professional job at this place.

PS. It's just dawned on me that the wifi login page is where the script gets into my computer.

Edited July 10, 2011 by schondie

[ra1n85]

Hmmm. I've done this before with Cisco hardware and access lists, which bases everything on the http get. I am not aware of a way to get around it unless you proxy out. Are you paying for the service? If so, this is an obstructive policy, although TiT.

Have you tried using the IP of the site while Proxying? The HTTP request should be encapsulated. Everything should be invisible to whatever proxy server they're using.

Edited July 10, 2011 by ra1n85

[ra1n85]

I've tried web based proxies, using FoxyProxy and Proxzilla but I'm currently running the browser in Sandboxie as all the other methods have failed. Whoever set up the Wifi has certainly done a "good" job! He or she has probably been trained by the Chinese government!

I'm quite savvy with computer workarounds but this one has me beaten (for now). I'm hoping the hive mind of TV can tell me how they've done it and what I can do to possibly block it.

Thanks for the comment though as it may help others with similar problems.

Inb4 - Try using 173.193.242.225 instead of www.torrentfreak.com - No good either. They've done a really professional job at this place.

PS. It's just dawned on me that the wifi login page is where the script gets into my computer.

This doesn't make sense - do you have to login every time you open a browser? What scripting is their login page written in (.php, .asp, etc.)?

Do you get a response when you ping www.torrentfreak.com? Also, are changing your HTTP port?

[schondie]

I've tried using many different web proxy sites to no avail, they all redirect to Google.

I'll have a look at the login page source to find out what type of file it is.It's a .php page.

Edited July 10, 2011 by schondie

[schondie]

@ ra1n85

No pingbacks from the site. Yes, everytime I close the browser I need to log in again. As I said in the original post, this setup is the worst I've ever come across (or someone has actually done their job well beyond the usual half arsed effort - dam_n them).

I'm going to try running Firefox in safe mode at my next login and see if that gives me a warning about a script that tries running. Failing that I'll try and find the .js file that's entering the comp when I login and attempt to modify it. May be possible, I don't know yet.

If that is possible I don't see an issue with legalities as their code acts in a very manner to the redirection virus that's been recently doing the rounds.

[urandom]

interesting stuff... can you try installing unbound which is, quoting, a "validating, recursive, and caching DNS resolver".

download page is here: http://unbound.net/download.html

don't know which OS you're using but I use it on linux, you just have to start the service and use 127.0.0.1 as your DNS. there are windows binaries available, that should work the same way. in any case, it's always good to read the manual. while you're at it, you can enable DNSSEC (see here: http://unbound.net/documentation/howto_anchor.html )

[schondie]

<br />interesting stuff... can you try installing unbound which is, quoting, a "<i>validating, recursive, and caching DNS resolver".<br /></i>download page is here: <a href='http://unbound.net/download.html' class='bbc_url' title='External link' rel='nofollow external'>http://unbound.net/download.html</a><br /><br />don't know which OS you're using but I use it on linux, you just have to start the service and use 127.0.0.1 as your DNS. there are windows binaries available, that should work the same way. in any case, it's always good to read the manual. while you're at it, you can enable DNSSEC (see here: <a href='http://unbound.net/documentation/howto_anchor.html' class='bbc_url' title='External link' rel='nofollow external'>http://unbound.net/d...wto_anchor.html</a> )<i><br /></i><br />

<br /><br /><br />

Not a bad idea. I switch between Win7 and Mint so this could be the solution. I read the howto and understood about 60% but it makes sense. Also I may install a more obscure browser in Mint and see if there's any hope as this may be, hopefully, targeted at Win machines.

[urandom]

mint (and probably windows) should come with a working configuration. basically that should really be as simple as starting the daemon/service and setup your network to use 127.0.0.1 as your DNS.

[ra1n85]

mint (and probably windows) should come with a working configuration. basically that should really be as simple as starting the daemon/service and setup your network to use 127.0.0.1 as your DNS.

I can't resolve to the site with its IP (173.193.242.225), but that's most likely due to network design at Torrentfreak. Edit your host file to do local only DNS resolution.

%SystemRoot%\system32\drivers\etc\

Just edit it in the same syntax as the examples included.

127.0.0.1 localhost loopback

173.193.242.225 www.torrentfreak.com

EDIT: This is FAR easier than installing a local DNS service.

Edited July 10, 2011 by ra1n85

[luudee]

If you are still having problems, you might want to try the TOR

browser. It encrypts all transfers and allows you to even view

pages blocked in thailand ...

Available for macs, windoze, linux and smart-phones ...

cheers,

rudi

[bangkockney]

Have you isolated FF or is it cross-browser?

I'm suspicious as to the cause of your problem - modern browsers are not so easily attacked.

Edited July 11, 2011 by bangkockney

[schondie]

I'd tried all of the advice offered on this thread but nothing worked as they have the system locked down. The solution came yesterday when they kicked me from the system for trying to (unsuccessfully) connect to sites through web proxies so I went out and bought an aircard from AIS.

Now I have unrestricted web access again.

Many thanks for the advice offered on this thread, it was much appreciated even if it didn't work.

I think a penetration tester equipped with Backtrack 5 couldn't breach this system as it's the most secure I've ever come accross.