Showing posts from November, 2016

F**kadblock! How publishers are defeating ad blockers & how ad blockers are fighting back.

A couple of weeks ago, we looked into how PornHub was getting around ad blockers using WebSockets. We thought it would be cool to take a closer look at how publishers like BusinessInsider and Forbes are detecting ad blockers and preventing users from viewing their content.
BUSINESSINSIDER When visiting a BusinessInsider article while using an ad blocker like AdBlock Plus, after idling on the page for about 10 seconds, a modal blocks you from reading the article:

HOW IS IT DONE? BusinessInsider uses’s VX product (“The evolution of the paywall”) for detecting ad blockers., helpfully has some documentation on how to detect ad blockersusing their or your own solution. Piano’s solution relies on the open-source library FuckAdblock. They use a safe for work alternate version called BlockAdblock, — “FuckAdBlock same project but with a more convenient name.”

FuckAdblock functions by injecting a dummy div into the webpage that contains css classes and styles that are commo…

Pornhub Bypasses Ad Blockers With WebSockets

*** Links to discussions on Reddit and Hacker News. Also check out BugReplay on Product Hunt :)

TLDR; Watch the BugReplay Recording of Pornhub dodging AdBlock

(NSFW level: medium)

We tried to find the most PG page on MindGeek’s network to use as an example- it wasn’t easy. When I was building the prototype for BugReplay, I was evaluating different methods of capturing and analyzing network traffic from Chrome. One of the first things I saw that looked promising was the chrome.webRequest API.

From the docs: “Use the chrome.webRequest API to observe and analyze traffic and to intercept, block, or modify requests in-flight.”

That seemed to be exactly what I needed.

After experimenting with the Chrome webRequest API, I quickly realized there was a big problem. It didn’t allow me to analyze any WebSocket traffic, something I really wanted to support.

As I was searching the web trying to see if I was misreading the documentation or was looking in the wrong spot, I found a relevant bug repor…