Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MTProtoProxy Not Working in Iran #25

Closed
A2116 opened this issue Jul 21, 2020 · 10 comments
Closed

MTProtoProxy Not Working in Iran #25

A2116 opened this issue Jul 21, 2020 · 10 comments
Labels
wontfix This will not be worked on

Comments

@A2116
Copy link

A2116 commented Jul 21, 2020

mtproto connect from ADSL but not from the 4G network
@DanialNikbin
Copy link

I'm facing the same problem. It's not working on mobile network at all.

@HirbodBehnam
Copy link
Owner

Iran blocks MTproto proxy on fly.
Not related to script issue as said in the issue template.

@HirbodBehnam HirbodBehnam added the wontfix This will not be worked on label Jul 21, 2020
@HirbodBehnam HirbodBehnam changed the title mtproto connection problem MTProtoProxy Not Working in Iran Jul 22, 2020
@HirbodBehnam
Copy link
Owner

I thought to myself that maybe I should change the title and pin this issue in order to allow people to discuss this issue in only one thread.

@HirbodBehnam HirbodBehnam pinned this issue Jul 22, 2020
@sinascorpion
Copy link

Is there any way to hide packet connections?

@DanialNikbin
Copy link

How did they block? I thought because of random padding they are not able to block.

@FaridAghili
Copy link

Anything new?

@HirbodBehnam
Copy link
Owner

HirbodBehnam commented Sep 13, 2020
edited
Loading

I did some work on how Iran blocks Fake TLS and I found some interesting things.
It looks like that Iran blocks certain browser fingerprints in order to block proxies. Possibly if there is a lot of requests using a old or maybe specific browser fingerprint, it enables whitelister on server.
Whitlelister blocks all of the HTTPS traffic that is from old browsers. I have an server that has whitelister on it. I tried connecting to a legit HTTPS server on it with Chrome 76 (witch is the browser that Cloak mimics) and I couldn't connect to it; However Chrome 85 and 64, Firefox 80 and cURL 7.55.1 were completely fine. Probably only some old browser signatures are blocked. It's also good to note that Fake TLS and OpenVPN are not working.
This also could explain why a lot of uses have problems connecting with iOS devices because this file that is probably the one that have the fingerprints, is not updated in a while.

I don't think anything is possible from server side to defeat this, because client hello is important. Maybe just maybe updating the Client Hello fingerprint regularly in clients helps users to bypass the whitelister. Also, another good (but more complex) approach is to randomly use a fingerprint. Also there is no need to say that using a real TLS connection will fix most of these problems.

Update: It looks like that fake tls is working fine on windows and android. I started a netcat listener on port 443; Telegram iOS didn't transmit any packet but windows and android were fine. I checked windows version fake tls fingerprint using wireshark and it is this

@alty-ir
Copy link

alty-ir commented Oct 31, 2020

Maybe a possible way is that host mtproxy in iran server and tunneling the income traffics of proxy server to another server in other nations like germany via openvpn or other solutions.

@FaridAghili
Copy link

@alty-ir
There's a solution already, check this out.

@MoSi8160
Copy link

there is no way to use ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@FaridAghili @HirbodBehnam @alty-ir @MoSi8160 @sinascorpion @DanialNikbin @A2116