Learn to Code via Tutorials on Repl.it!

← Back to all posts
Bypassing School Restrictions
h
AdCharity (1287)

Why

Sometimes we just accidentally visit a site we weren't supposed to. And now, your school transcript and record suffers cause you have ** ** ** in your history. Oops! Oh whale 4 you! No. Just kidding. In this tutorial, we'll be reviewing how you can avoid, and even ERASE history on a school chromebook. Btw Method 4 is where the real coding comes in, so if you don't want to read, just stop there.

Disclaimer

Schools actually try to help the well being of students by putting up filters and recording history. On the otherhand, if you look up something that's really messed up, there is still something you can do.

Method 1

Don't look it up. The 100% most effective method for avoiding all history problems (and STD's too!) is abstinence. You can't get in trouble if you don't do it.

But what if you already did the deed?

Method 2

If it's nothing serious, but you really want to hide that one youtube video from your dad, there is a way to cloak the tab under "Google Drive". Let's review what it does. The full script is here:

javascript:(function() { var link = document.querySelector("link[rel*='icon']") || document.createElement('link'); link.type = 'image/x-icon'; link.rel = 'shortcut icon'; link.href = 'https://ssl.gstatic.com/docs/doclist/images/infinite_arrow_favicon_5.ico'; document.title='My Drive - Google Drive'; console.log(document.title); document.getElementsByTagName('head')[0].appendChild(link);})();

Note: dots are there to save reading time. It's pretty self explanatory.
1. The first part (javascript:(function...) is just declaring that our bookmarklet is a piece of javascript. Without it, the script wouldn't even be allowed to be bookmarked.
2. var link = document... link.href = 'https://...'; gets favicon (the little thing logo representing the site) and replaces it with the "infinite arrow" google drive logo
3. document.title=...document.getElementByTagName('... the rest of the stuff replaces the document title with google drive, finds the head tag on the document and inserts all of the information we just did before. Now, when you check your history after activating (clicking) on the bookmarklet, your tab has been renamed Google Drive!

There are some pretty cool things you could do with this script - ie: putting it in a set interval to constantly cloak the current tab

Method 3

Well, maybe you went to far and cloaking the tab but not the link ain't going to cut it. How about this script:

javascript:(function() {window.location.replace("https://www.google.com"); })();

A while back, when I was trying to figure out how to make links that wouldn't save in the cache/history (which is why in my more recent projects I have some avoiding cache meta tags), I realized that replacing the window location literally ERASES HISTORY. This script replaces the current tab with a harmless site, google.com (making the other site that was up before GONE).

What is cool about this script, is (at least for me) I can click on any tab in my history, click the bookmarklet, and that particular entry is replaced with google! Some further revisions to the script could be making an array of potential sites and choosing a random one, to make the erase seem more natural.

Method 4

All of the previous examples are kind of like emergency methods. That's why, I'm introducing the use of iframes and embedding sites. A while back when I made Nova Haven (it's still up) iframes were the only method it employed. And a lot of "unblockers" are really just using iframes as well. When I figured I could just make a search thing, take the link and put it into an iframe, I just ecountered a huge relevation. And now, I'm going to teach you how to do the same.
Let's start by making a repl with html, css, and js. Rather than splitting up everthing (I hate those tutorials cause idk what they're doing). Do yourself a favor and look at the code so you know how to create your own projects :D If you find any errors, tell me... What makes this unique is that a lot of unblocked games sites just have an iframe with the site. Now you can unblock almost any site :)

Steps:
1. take user input for a user url
2. set iframe
3. site unblocked (provided they don't have some fishy protection, which is why you can't unblock discord via an iframe)

Essentially, the unblocker looks like this (hasn't actually been tested, but it's a proof of concept):

HTML + inline Vanilla JS + inline CSS

<style>
html, body{
    margin: 0;
    padding: 0;
    width: 100%;
    height: 100%;
}
iframe{
    border: none;
    outline: none;
    width: 100%;
    height: 100%;
    position: fixed;
    top: 0;
    left: 0;
}
</style>
<input id="unblock" placeholder="Enter URL"/>
<button id="go">Submit</button>
<script>
document.getElementById("go").onclick = go;
function go(){
    var target = document.getElementById("unblock").value;
    if(target.length < 1){
        alert("You need a longer link!"); return;
    }
    else{
        document.body.innerHTML = '<iframe src='+target+'></iframe>'
    }


}
</script>

Note: don't forget the doctype! (and other html standard conventions like a body or including scripts/styles)

Commentshotnewtop
LiamDonohue (278)

100% accurate way to not get in trouble:

don't look it up
-AdCharity 2020

vote for president today!

AdCharity (1287)

@LiamDonohue oh no you've got it wrong

don't look it up
-AdCharity 2019

Evanlicious (80)

I figured out that iframe method a year or two ago, but it stopped working due to my security extension, Securly, figuring out how to block those sites too. My best hope is in bookmarklets to exploit Chrome and Securly. Also, I don't believe bookmarklets can be blocked in any way.

AdCharity (1287)

@Evanlicious oo securly as well huh? Securly now has iframe support as of about 3 months ago

NoelBryan1 (0)

@Evanlicious Securly is terrible...
I found a way to get past the, though! I figured out about these handy sites, “node unblockers”, which are basically a proxy. The proxy is on github for anybody to use, and all you have to do is look it up, look in the desc, and press “upload to heroku”. Or, you can visit http://nodeunblocker.org/ if that’s not blocked. For us it is though, so we have to create our own!

AdCharity (1287)

@NoelBryan1 Ik it was one of the methods on nova haven but it got taken down and my school blocked heroku

AdCharity (1287)

@NoelBryan1 and node unblocker doesn’t work on a lot of things

MrMinimax (142)

I have a deployed node unblocker if you want to just use mine https://node-js-unblocker.herokuapp.com/@AdCharity

AdCharity (1287)

@MrMinimax I know because it was one of the methods employed on NovaHaven. Believe it or not, Heroku actually took NovaHaven down and I've never bothered to re-deploy it.

Evanlicious (80)

@MrMinimax Oh, that's pretty cool. I made something recently that actually uses repl.it to host an entire browser, and pretty much everything is unblocked, granted at a slow speed. Not useful for gaming and stuff, but more for other things.

MrMinimax (142)

Yes i've done the same with chromedriver in polygott. @Evanlicious

AdCharity (1287)

@Evanlicious it's already been shown on the repl documentation/blog or whatever so it's not like it's new.

Evanlicious (80)

@AdCharity True, but I significantly shortened it by converting it to a different language. (Bash.)

[deleted]

Interesting tutorial about bookmarklets. Method 4 would not work in my school because they block iframes with "Bad" sites.

AdCharity (1287)

@sanjaykdragon Same. But it will work against a lot of filters (or at least it did, which is what Nova Haven possible)

DylanGedman (1)

im new whats a iframe

AdCharity (1287)

@DylanGedman for all intended purposes it's a window. It's primarily controlled by the "src" attribute and allows it to display almost any website within itself. However, it doesn't work against Securly, and it doesn't allow the embedding of Google (websites with protection).

DavidShen2 (33)

My school blocked the inspect element function, so this doesn't work.

bithost (0)

@DavidShen2 What browser are your school using?

AdCharity (1287)

@bithost wdym BOOKMARKLETS AREN'T INSPECT ELEMENT. Debes leer por favor

DavidShen2 (33)

@bithost Google Chrome. The inspect element thing is grayed out.

AdCharity (1287)

@DavidShen2 bookmarklets are not inspect element. They are bookmarks of javascripts. If you don't understand that, you will not understand what I am attempting to tell you.

AdCharity (1287)

@theangryepicbanana lmao I tried education... Method 1 is abstinence

bluevalleyk12 (0)

lmao, this is great
i went through the exact same stages, with the page disguiser and the history replacer. I eventually made my own proxy with node.
i find it so funny how we did the exact same thing.

AdCharity (1287)

@bluevalleyk12 :P That's how I started lmfao

[deleted]

In my school (or at least my classroom), google is not allowed.

[deleted]

Google is not 100% filtered from inappropriate content. @AdCharity

flawless57 (0)

Very Helpful for the future!!!

AdCharity (1287)

@flawless57 lmao it's a bit out of date.

UniqueOstrich18 (242)

I just use my own proxy site to view some blocked websites. https://proxy-site--uniqueostrich18.repl.co/

AdCharity (1287)

@UniqueOstrich18 ik how to make one I had Nova Haven for a reason

AdCharity (1287)

@UniqueOstrich18 I have one for personal measures

MrMinimax (142)

Hi @AdCharity, So scurly tracs what I search not via history but via an essential proxy of its own, will method 3 hide that or no?

AdCharity (1287)

@MrMinimax no. I tested it. The only methods available for that are downloading an extension/app from the Play Store if your school is forced to push out educational apps or take advantage of repl's polygott/ability to literally download firefox

PythonLuv (13)

Where should I put the code for the last method? Im on a chrome book so I can't download any code editors and i already tried w3 schools. I also know khan academy blocks them to Help????

AdCharity (1287)

@PythonLuv you're on repl right? I highly suggest learning how to use repl first.

PythonLuv (13)

@AdCharity ohhhh i get it im so dumb sorry

PythonLuv (13)

@AdCharity For me its still blocked

PythonLuv (13)

@PythonLuv im trying ninjakiwi.com and its still blocked

AdCharity (1287)

@PythonLuv chances are you either have securly or its blocked at a router level

PythonLuv (13)

sry my comment thing is slow sory for more than one reply

AdCharity (1287)

@PythonLuv then it won't work. I recommend trying to activate the google play store and signing into a different account and then download Opera + VPN if you can

AdCharity (1287)

@PythonLuv do you have a discord or is that blocked too?

PythonLuv (13)

@AdCharity I have a game im going to publish it to repl

lchu22 (0)
One last method:

If your school blocks a website on the router level, it would be impossible to access the site with any of the methods listed above. However, you could get a virtual desktop with a browser running using a vnc server. Now, you can do anything you want invisibly. I haven't tried running this on repl.it but check this out: https://medium.com/gitpod/developing-native-ui-applications-in-gitpod-15af2967c24e

AdCharity (1287)

@lchu22 if your school blocks on the router level there's two other ways but I'd rather not spread them because they could potentially result in the abuse of repl.it

lightningrock (47)

I_don't_get_it
What_am_i_supposed_to_do?

AdCharity (1287)

@SeanXiao those are bookmarklets. If you can't read (as in the entire thing, sorry), it might be difficult to understand.

PDanielY (976)

Sometimes your school is VERY smart and blocks every way to unblock website. The keyword unblock is blocked on my chromebook

AdCharity (1287)

@PDanielY even for this? should I rename it?

PDanielY (976)

@AdCharity No, Its block only the keyword unblock it doesn't block anything else

AdCharity (1287)

@PDanielY lmao that's why you intentionally misspell certain words like "proxy" -> "proxie"

Evanlicious (80)

@PDanielY You can either add extra characters to words to get them through, or just use the Google Dorks. (Like intext:unblock website.)

PDanielY (976)

@Evanlicious Yea, I just learned about Google Dorks. Google should've blocked Google Dorking a long time ago

Evanlicious (80)

@PDanielY I would have to disagree with that; they have a lot of good purposes for them, to collect data, to find data, etc. While people do use them for bad things, the good ones outweigh the bad.

PDanielY (976)

@Evanlicious Yea but they should at least moderate it

SixBeeps (2304)

This is interesting, I never thought of using iframes for this purpose. My school actually filters the HTML data as well as any outgoing HTTP requests, so I made HomebrewUnblocker to cloak those reqs. Maybe I was a bit extra? lol

AdCharity (1287)

@niorg2606 that's pretty cool :D I also included a pdf option on Nova Haven before I took it down (I suggest you edit your comment and hide it too since most people will likely abuse it). Btw I like iframes because you can also block popups with them with the sandbox attribute.

SixBeeps (2304)

@AdCharity Waaaiiiiit, there's a sandbox attribute?

AdCharity (1287)

@niorg2606 yup I can share a multiplayer repl if u want

AdCharity (1287)

@niorg2606 ok I'll add you (you should get a notification i think)

roylatgnail (851)

@AdCharity that site is

exploitable for meme content