No matter, if you are searching for a solution to bypass AdBlock Detection or to protect your website from visitors using Adblockers. The following description will give you some impressions on how easily someone can bypass BlockAdBlock in under 5 minutes per website.
- Chrome is already installed
- AdBlock Plus is already installed
- Install Resource Override or a similar browser plugin
- Start Chrome on your machine
- Open Chrome DevTools
- Select the Network tab
- Visit any website where you know that AdBlock Plus is being blocked
- Use the filter option to search for files called blockadblock or similar.
- Double click on that file to see the raw content of it1.
- Select all the content: Ctrl + A
- Copy all of it: Ctrl + C
- Click on the Resource Override Icon on the top right. Another browser tab will be opened!
- Click on the Add Rule button
- Select Url → File
- Click on the new Edit File button
- Paste all the content into the editor: Ctrl + V
- Click on the Beautify JS button on the top right, if the content is not already well-formatted
- Click on the Find button to the left or use Ctrl + F to open a search field
- Insert detected, notDetected, this._var.event or other strings to identify the following line2
var fns = this._var.event[(detected===true?'detected':'notDetected')]; - Replace the string 'detected' with 'notDetected' like the following3
var fns = this._var.event[(detected===true?'notDetected':'notDetected')]; - Click on Save & Close
- Go back to the website by selecting the previous browser tab.
- Right click on the file you previously doubled clicked
- Select Copy > Copy link address
- Select the Resource Override browser tab again
- Paste the URL into the text field left to the Edit File button
- Make sure the button right to the Edit File button is set to on
- Go back to the website by selecting the previous browser tab.
- Enable the Disable cache checkbox in Chrome DevTools
- Reload the website
1 You could also use this modified content, but keep in mind that websites have their own custom versions of blockadblock.js implmented. So it is always better to use their own content against them.
2 Please note, that this line can slightly differ on each website. For instance, on another website it looked like this:
var e = this._var.event[!0 === t ? "detected" : "notDetected"];
3 Please note, that another line looks very similar. If you see .push at the end of the line, you might have found the wrong occurence.
- If the URL contains some strange characters, don't panic. It's properly a UUID (Universally Unique Identifier) which will be different on each visit. It's just another simple protection mechanism which can be bypassed. Just replace the ID with a single asterisks in the textfield within Resource Override. For instance
https://<URL>/blockadblock-93fc3395f09326b8a934f369fde11e9e.js
will be replaced with
https://<URL>/blockadblock-*.js
It means that we don't care so much about the correct spelling of the file.
Because your installing a plugin to manipulate incoming website content, you should be aware of some lacks of security. The browser plugin itself could contain malicious content. Furthermore anyone else having access to your machine and account can add additional files to manipulate web content. If you are afraid of those situations, you can still use another browser for important tasks, for instance to do online banking.
When visiting a website, a bunch of files is downloaded. Some of them are Javascript files containing application logic. One of the Javascript files might be blockadblock.js. When Resource Override is enabled, it detects the occurrence of specified files and will replace their content with custom versions of it. Other javascript files do not notice the modification. They still calling functions defined in other files will now trigger modified versions of it. In the instant case AdBlock Plus is detected, but instead of calling the proper function, another existing function is called. It looks like AdBlock was not detected
- Don't use BlockAdBlock in production.
- When delegating such tasks to contractors, check their outcome. Hopefully they do not implement BlockAdBlock. But I have already found BlockAdBlock inside of CDNs (Content Delivery Networks)
- Implement your personal Adblock protection instead or pay your web developers more money to implement some real protection!
- Don't lock your premium features, such as streaming without ads, behind BlockAdBlock
- Some websites restrict the use of robots, spiders and scammers in their terms of services. But configuring your own browser and sending a wrong signal back to their services is not always restricted. Good for us ;-)