Bypassing the mobile ISP proxy (BMI)

Article target: web developers

How to bypass the Vodafone transparent proxy. For details about what it is, you can see this page.


Using a local-generated captcha for your website protection can be a bit frustrating if you have customers connecting via Vodafone, T-Mobile, Verizon, Sprint etc etc etc.

The problem appears if you try to start a session from your captcha script. The session will be started to the 1.2.3.4 domain instead of your own awesome domain. Obviously, the browser will not have the session cookie when you submit the information.

The workaround I’ve found: Change the captcha image that was replaced with the one on your website by using JavaScript.

Specify an ID to your captcha image. For example:

Basically, you include the image, assign an ID and when the user clicks on the image, it will be refreshed.

After this part, to bypass the proxy, you need a small javascript portion:

So, if the browser detects that the source of the captcha element isn’t what you want, it will just replace it (and load the new image).