DEV Community: Mayank Srivastava The latest articles on DEV Community by Mayank Srivastava (@mayank7924). https://dev.to/mayank7924 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3940903%2F4fd37efa-a174-43b0-85e7-8b83ad17896e.jpeg DEV Community: Mayank Srivastava https://dev.to/mayank7924 en How I Beat a 16-Click Anti-Bot Ad Trap Mayank Srivastava Wed, 20 May 2026 16:50:04 +0000 https://dev.to/mayank7924/how-i-beat-a-16-click-anti-bot-ad-trap-4o4l https://dev.to/mayank7924/how-i-beat-a-16-click-anti-bot-ad-trap-4o4l <h3> 🎯 I Got Tired of Closing Popups. So I Reverse-Engineered the Entire Ad Stack. </h3> <p>We’ve all been there.<br> You open a streaming site.<br><br> You click play.</p> <p>💥 A new tab appears.</p> <p>You close it. Click again.</p> <p>💥 Another popup.</p> <p>Some sites are so aggressive that watching a single episode feels like defusing a bomb through <strong>16 consecutive popups</strong> while trying not to accidentally download malware from 2007.</p> <p>Most people tolerate it.<br> I couldn’t.</p> <p>As a developer, the moment software starts fighting the user this aggressively, it stops being an inconvenience and becomes a challenge.<br> So I decided to break it.</p> <h3> 🧪 Phase 1 — The “This Should Work” Delusion </h3> <p>My first thought was simple:<br> Override <code>window.open</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nb">window</span><span class="p">.</span><span class="nx">open</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="kc">null</span><span class="p">;</span> </code></pre> </div> <p>Done. Right?<br> Nope.<br> The site completely ignored it.<br> That’s when I realized this wasn’t normal popup logic anymore.<br> This was engineered hostility.</p> <h3> 👻 Phase 2 — Chasing Invisible Click Traps </h3> <p>I opened DevTools and started tracing the DOM during every interaction.<br> Something strange kept happening.<br> Inside the video player container, the final </p> kept rapidly changing after every click.<br> Then it clicked.<br> The site was dynamically generating transparent overlay layers directly above the player.<br> The actual video button wasn’t receiving my clicks.<br> The invisible overlay was.<br> Every physical mouse interaction got hijacked by a temporary fullscreen layer designed to trigger an ad redirect using a trusted human click.<br> The sequence looked something like this:<br> <pre class="highlight plaintext"><code>flowchart TD A[User Click] B[Invisible Overlay Captures Event] C[Ad Redirect Triggered] D[Overlay Self-Deletes] E[New Overlay Spawned] A --&gt; B B --&gt; C C --&gt; D D --&gt; E E --&gt; B </code></pre> <p>Ridiculously clever.<br> Because technically I initiated the click, the browser trusted the action.<br> So I escalated.</p> <h3> ⚔️ Phase 3 — Fighting Back With a Chrome Extension </h3> <p>At this point, I realized manual debugging alone wasn't enough anymore.</p> <p>So I decided to escalate.</p> <p>I created a custom Chrome extension specifically for this battle.</p> <p>The first version was primitive — a DOM-level interceptor designed to watch the page in realtime and surgically remove the invisible overlay traps before they could hijack clicks.</p> <p>I used a <code>MutationObserver</code> to monitor the page for dynamically injected elements:<br> </p> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">observer</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">MutationObserver</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelectorAll</span><span class="p">(</span><span class="dl">'</span><span class="s1">.suspicious-overlay</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">el</span> <span class="o">=&gt;</span> <span class="nx">el</span><span class="p">.</span><span class="nf">remove</span><span class="p">());</span> <span class="p">});</span> <span class="nx">observer</span><span class="p">.</span><span class="nf">observe</span><span class="p">(</span><span class="nb">document</span><span class="p">.</span><span class="nx">body</span><span class="p">,</span> <span class="p">{</span> <span class="na">childList</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">subtree</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> </code></pre> <p>For a brief moment…<br> …it worked.<br> Then the site hit back.</p> <p>🤖 It was at this moment I realized I was fighting an Anti-Bot System</p> <p>Buried deep inside the bundled scripts was an aggressive anti-fraud service called Adscore.</p> <p>The behavior suddenly changed:</p> <p>🧹 Console logs started disappearing<br> 🔄 The player entered infinite click loops<br> 🕵️ Hardware fingerprinting routines activated<br> 🎮 WebGL context checks triggered<br> 📏 Screen dimension math got evaluated<br> 🧠 Browser behavior started getting profiled</p> <p>The site wasn’t just showing ads anymore.<br> It was actively detecting interference.<br> And then I realized my mistake:</p> <p>I was still fighting inside the webpage sandbox.</p> <p>That was their territory.</p> <p><strong>🧠 Phase 4 — Stop Fighting the UI. Attack the Network.</strong></p> <p>If the frontend is weaponized…<br> …you stop fighting visuals.</p> <p>You cut the supply lines.</p> <p>Instead of targeting the popup elements themselves, I started tracing the network behavior behind them.<br> During tiny windows before the console got wiped, I managed to capture the redirect domains responsible for the popup chains.<br> That changed everything.</p> <p>Because once you identify the routing infrastructure the illusion collapses.</p> <p><strong>🔥 The Final Architecture</strong></p> <p>I rebuilt the extension entirely around Chrome’s native browser APIs:</p> <ol> <li>declarativeNetRequest</li> <li>tabs</li> <li>background service workers</li> </ol> <p>No more DOM fighting.<br> No more chasing invisible overlays.<br> No more playing inside their sandbox.<br> The browser itself would now intercept requests before the scripts could fully execute.</p> <p>📦 manifest.json<br> </p> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"manifest_version"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Native Ad Network Guard"</span><span class="p">,</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Drops ad-network connections and instantly auto-closes leaked popups."</span><span class="p">,</span><span class="w"> </span><span class="nl">"permissions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"declarativeNetRequest"</span><span class="p">,</span><span class="w"> </span><span class="s2">"tabs"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"host_permissions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"&lt;all_urls&gt;"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"background"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"service_worker"</span><span class="p">:</span><span class="w"> </span><span class="s2">"background.js"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> <p>⚡ background.js<br> </p> <pre class="highlight javascript"><code><span class="c1">// Domains responsible for popup routing,</span> <span class="c1">// ad redirects, tracking, and anti-user behavior.</span> <span class="kd">const</span> <span class="nx">BLOCKED_DOMAINS</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">xadsmart.com</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">adsco.re</span><span class="dl">"</span> <span class="p">];</span> <span class="c1">// ---------------------------------------------------</span> <span class="c1">// 1. Create browser-level blocking rules</span> <span class="c1">// ---------------------------------------------------</span> <span class="c1">// Chrome's declarativeNetRequest API works by defining</span> <span class="c1">// static rule objects that the browser engine enforces</span> <span class="c1">// BEFORE requests fully execute.</span> <span class="kd">const</span> <span class="nx">rules</span> <span class="o">=</span> <span class="nx">BLOCKED_DOMAINS</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">domain</span><span class="p">,</span> <span class="nx">index</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="nx">index</span> <span class="o">+</span> <span class="mi">1</span><span class="p">,</span> <span class="na">priority</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="c1">// Action to perform when matched.</span> <span class="c1">// In this case: completely block the request.</span> <span class="na">action</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">block</span><span class="dl">'</span> <span class="p">},</span> <span class="c1">// Conditions that trigger the rule.</span> <span class="na">condition</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// Match any request containing this domain.</span> <span class="na">urlFilter</span><span class="p">:</span> <span class="nx">domain</span><span class="p">,</span> <span class="c1">// Types of browser resources to intercept.</span> <span class="na">resourceTypes</span><span class="p">:</span> <span class="p">[</span> <span class="c1">// Entire page navigations</span> <span class="dl">'</span><span class="s1">main_frame</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Embedded iframes</span> <span class="dl">'</span><span class="s1">sub_frame</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// External JavaScript files</span> <span class="dl">'</span><span class="s1">script</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// AJAX/fetch/XHR requests</span> <span class="dl">'</span><span class="s1">xmlhttprequest</span><span class="dl">'</span> <span class="p">]</span> <span class="p">}</span> <span class="p">}));</span> <span class="c1">// ---------------------------------------------------</span> <span class="c1">// 2. Register rules when extension installs</span> <span class="c1">// ---------------------------------------------------</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">runtime</span><span class="p">.</span><span class="nx">onInstalled</span><span class="p">.</span><span class="nf">addListener</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">declarativeNetRequest</span><span class="p">.</span><span class="nf">updateDynamicRules</span><span class="p">({</span> <span class="c1">// Remove previously existing rules</span> <span class="c1">// to avoid duplicates during reinstalls.</span> <span class="na">removeRuleIds</span><span class="p">:</span> <span class="nx">rules</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">r</span> <span class="o">=&gt;</span> <span class="nx">r</span><span class="p">.</span><span class="nx">id</span><span class="p">),</span> <span class="c1">// Inject the new blocking rules.</span> <span class="na">addRules</span><span class="p">:</span> <span class="nx">rules</span> <span class="p">});</span> <span class="p">});</span> <span class="c1">// ---------------------------------------------------</span> <span class="c1">// 3. Instant popup execution kill-switch</span> <span class="c1">// ---------------------------------------------------</span> <span class="c1">// Even if a popup somehow bypasses the network block,</span> <span class="c1">// this listener acts as a secondary defense layer.</span> <span class="c1">// It watches every tab URL update in realtime.</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">tabs</span><span class="p">.</span><span class="nx">onUpdated</span><span class="p">.</span><span class="nf">addListener</span><span class="p">((</span><span class="nx">tabId</span><span class="p">,</span> <span class="nx">changeInfo</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Ignore updates that don't contain a URL.</span> <span class="k">if </span><span class="p">(</span><span class="nx">changeInfo</span><span class="p">.</span><span class="nx">url</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Normalize URL for safer comparisons.</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="nx">changeInfo</span><span class="p">.</span><span class="nx">url</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">();</span> <span class="c1">// Check whether the tab matches</span> <span class="c1">// known popup patterns or redirect signatures.</span> <span class="kd">const</span> <span class="nx">shouldKill</span> <span class="o">=</span> <span class="c1">// Known blocked domains</span> <span class="nx">BLOCKED_DOMAINS</span><span class="p">.</span><span class="nf">some</span><span class="p">(</span><span class="nx">domain</span> <span class="o">=&gt;</span> <span class="nx">url</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">domain</span><span class="p">)</span> <span class="p">)</span> <span class="c1">// Common ad-network query patterns</span> <span class="o">||</span> <span class="nx">url</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">zoneid=</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// Aggressive redirect handler pattern</span> <span class="o">||</span> <span class="nx">url</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">afu.php</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// If detected:</span> <span class="c1">// instantly terminate the tab.</span> <span class="k">if </span><span class="p">(</span><span class="nx">shouldKill</span><span class="p">)</span> <span class="p">{</span> <span class="nx">chrome</span><span class="p">.</span><span class="nx">tabs</span><span class="p">.</span><span class="nf">remove</span><span class="p">(</span><span class="nx">tabId</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> </code></pre> <p><strong>🚀 The Result</strong></p> <p>The transformation was surreal.<br> The site still attempts the same aggressive click-hijacking flow.<br> Invisible overlays still spawn.<br> Scripts still try redirect chains.<br> But now?</p> <p><strong>💀 The tabs die instantly.</strong></p> <p>No chaos.<br> No cleanup.<br> No losing immersion every five seconds.<br> Just a silent war happening underneath the browser while the video plays normally.</p> <p><strong>🧩 What This Actually Taught Me</strong></p> <p>The interesting part wasn’t blocking ads.</p> <p>It was understanding how modern websites are willing to weaponize the browser itself:</p> <ul> <li>Event hijacking</li> <li>Trusted-click exploitation</li> <li>Fingerprinting</li> <li>Anti-debugging</li> <li>Console wiping</li> <li>Behavioral analysis</li> <li>Redirect chaining</li> <li>Dynamic overlay injection</li> </ul> <p><strong>👨‍💻 Final Thought</strong></p> <p>This entire project started because I got annoyed clicking “Close Tab” fifteen times.<br> It ended with me reverse-engineering popup infrastructure, anti-bot systems, and browser-level request interception pipelines.<br> And honestly?<br> That escalation path perfectly summarizes what I enjoy most about software engineering.</p> <p>Tinkering.</p> <p>And refusing to accept that a system is “unbeatable.”</p> programming chromeextensions cybersecurity browsers