P410n3 - blog: Slipping past China’s Firewall in a Trojan Horse

Sometime in 1260–1180 BC some smart Greek dudes used a “Trojan Horse” to smuggle their soldiers inside the city of Troy. In 2019 some smart Chinese dudes use a piece of software called “Trojan” to smuggle their TCP/IP packets outside of the country. And I think that’s just as exciting. Continuing my research into firewalls and how to bypass them, as in my previous two blog posts, I was made aware of the Trojan project on GitHub by a guy called itshaadi. He and another Chinese guy confirmed that Trojan hides their traffic well enough to bypass their respective censorship machines.

What does Trojan do?

The theory behind Trojan is fairly simple, yet brilliant. Like many other tools made for censorship circumvention, Trojan imitates HTTPS traffic. The catch, however, is that a Trojan server also serves a legitimate website or service on the same port at the same time. If a normal user connects to a Trojan server on the HTTPS port 443, they are served that legitimate website or service. It’s worth noting that you can redirect such requests to ANY service on your server that you want. It works with any web server (NGINX, Apache2, Caddy etc.) or just about any other service. As long as you control port 443 and Trojan is configured properly, you can do what you want really.
When a non-Trojan request arrives, Trojan handles it seamlessly: no weird redirects or anything else that might raise suspicion. It just behaves normally, so if you host a website on that server, all the user will see is a normal website, just as expected. If YOU, however, connect to the same server on the same port using a correctly structured request and a valid password, you will be able to use the Trojan server as a proxy and finally bypass these firewalls! All of this closely imitates normal HTTPS traffic, so neither a firewall nor a sysadmin will be able to tell that you are actually bypassing a firewall right now.
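To make the "same port, two behaviours" idea concrete, here is an added example (my own code, not part of itshaadi's boilerplate or the Trojan project) that models the decision a Trojan server makes once the TLS handshake is done: the first bytes on the connection either carry a well-formed Trojan request with a valid password token, in which case the connection becomes a proxy session, or they do not, in which case the bytes are replayed unchanged to the real web server. The wire format follows the Trojan protocol specification as I understand it (lowercase hex SHA-224 of the password, CRLF, then a SOCKS5-style command/address/port header, CRLF, payload); the passwords, hosts, ports and the 127.0.0.1:80 fallback address are constructed values for illustration.

```python
import hashlib
import hmac
import socket
import struct
from typing import Iterable, Optional, Tuple

CRLF = b"\r\n"
CMD_CONNECT = 0x01          # TCP CONNECT, same numbering as SOCKS5
CMD_UDP_ASSOCIATE = 0x03
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
TOKEN_LEN = 56              # length of a hex-encoded SHA-224 digest


def password_token(password: str) -> bytes:
    """Lowercase hex SHA-224 of the password: the first line a Trojan client
    sends after the TLS handshake (per the Trojan protocol spec)."""
    return hashlib.sha224(password.encode("utf-8")).hexdigest().encode("ascii")


def build_trojan_request(password: str, host: str, port: int,
                         payload: bytes = b"", cmd: int = CMD_CONNECT) -> bytes:
    """Client side: token CRLF cmd atyp addr port CRLF payload."""
    try:
        addr = bytes([ATYP_IPV4]) + socket.inet_pton(socket.AF_INET, host)
    except OSError:
        try:
            addr = bytes([ATYP_IPV6]) + socket.inet_pton(socket.AF_INET6, host)
        except OSError:
            name = host.encode("ascii")
            addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return (password_token(password) + CRLF + bytes([cmd]) + addr
            + struct.pack("!H", port) + CRLF + payload)


def parse_trojan_request(data: bytes, tokens: Iterable[bytes]
                         ) -> Optional[Tuple[int, str, int, bytes]]:
    """Return (cmd, host, port, payload) if `data` is a complete Trojan request
    carrying a configured password token; None for anything else."""
    if len(data) < TOKEN_LEN + 2 or data[TOKEN_LEN:TOKEN_LEN + 2] != CRLF:
        return None
    token = data[:TOKEN_LEN]
    # Constant-time comparison against every configured token, so response
    # timing does not reveal whether a guess was close.
    if not any(hmac.compare_digest(token, t) for t in tokens):
        return None
    body = data[TOKEN_LEN + 2:]
    if len(body) < 2 or body[0] not in (CMD_CONNECT, CMD_UDP_ASSOCIATE):
        return None
    cmd, atyp, pos = body[0], body[1], 2
    if atyp == ATYP_IPV4:
        if len(body) < pos + 4:
            return None
        host, pos = socket.inet_ntop(socket.AF_INET, body[pos:pos + 4]), pos + 4
    elif atyp == ATYP_IPV6:
        if len(body) < pos + 16:
            return None
        host, pos = socket.inet_ntop(socket.AF_INET6, body[pos:pos + 16]), pos + 16
    elif atyp == ATYP_DOMAIN:
        n = body[pos]
        pos += 1
        if len(body) < pos + n:
            return None
        try:
            host = body[pos:pos + n].decode("ascii")
        except UnicodeDecodeError:
            return None
        pos += n
    else:
        return None
    if len(body) < pos + 4 or body[pos + 2:pos + 4] != CRLF:
        return None
    port = struct.unpack("!H", body[pos:pos + 2])[0]
    return cmd, host, port, body[pos + 4:]


def dispatch(first_bytes: bytes, tokens: Iterable[bytes],
             fallback: Tuple[str, int] = ("127.0.0.1", 80)):
    """Server side decision for one freshly accepted TLS connection.

    ("proxy", (host, port), payload)      -> authenticated Trojan client
    ("fallback", fallback, first_bytes)   -> everyone else; the bytes already
    read are replayed verbatim to the real web server (Trojan's config calls
    this remote_addr/remote_port), so the client sees exactly what any
    HTTPS visitor sees.
    """
    req = parse_trojan_request(first_bytes, list(tokens))
    if req is None:
        return ("fallback", fallback, first_bytes)
    cmd, host, port, payload = req
    return ("proxy", (host, port), payload)


if __name__ == "__main__":
    tokens = [password_token("correct horse")]   # constructed password
    print(dispatch(b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n", tokens))
    print(dispatch(build_trojan_request("correct horse", "example.org", 443, b"hi"), tokens))
```

The point worth noticing is that a wrong password, a truncated header and an ordinary browser request all take the identical fallback path: the probing party receives the real website rather than an error, which is exactly the property the post describes. The constant-time token comparison is a small detail the spec does not force on you, but it is what keeps "almost right" guesses from looking different from plain visitors in timing.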
itshaadi made a boilerplate for using Trojan alongside NGINX. This differs from the original implementation, but it does show a very useful setup, and it is actively deployed to circumvent censorship as I write this. Here is an illustration from his project:

Similar Articles:

China Telecom Swallows Huge Amount of European Mobile Traffic For Over Two Hours

For two hours, a large chunk of European mobile traffic was rerouted through China

Security Without Borders

Using Disposable Services