Rather than go to all that effort of doing something illegal for an individual, it's far simpler to find prior work.

https://www.google.com/search?q=javascript+injection+by+isps

Or QUANTUM INSERT/man-on-the-side attacks.

If I lived in a country where all ISPs are allowed to inject my traffic with ads, I probably wouldn't use the Internet without a decent VPN.