tienanhemho / auto-trojan Goto Github PK

Trojan-Go is an unidentifiable mechanism that helps you bypass censorship firewalls. Trojan features multiple protocols over TLS to avoid both active/passive detections and ISP QoS limitations. For more information on Trojan protocol visit Trojan-GFW and Trojan-Go

This script allows you to easily setup and configure a trojan server.

Although many VPN services use TLS as their transport (eg. Cisco AnyConnect), Censors are able to distingush the VPN traffic from real HTTPS traffic. They do so by analysing the TLS handshake parameters, Validity of certificates and ... Trojan-Go is undetectable by these Passive Detection methods because it establishes a TLS connection exactly like a real web server with a valid HTTPS certificate does.

In some cases, Censors could go beyond Passive methods and probe IPs to check if they are indeed a web server and not a VPN connection. Trojan-Go addresses this issue by serving a decoy website alongside the proxy service.

Censors may try to blacklist your IP in case they realize it is a Trojan server. To avoid IP leakage and also counter blocking by IP, you can configure CloudFlare as a middle proxy. In this scenario if the censors try to block your service, they will have to block the Cloudflare IP which causes too much collateral damage (Many sites use CloudFlare as CDN). To make your server compatible with Cloudflare CDN you might have to enable WebSocket on Trojan Server.

Although using CDN will make the server's IP hidden from the adversary, Due to the lack of encryption of SNI in HTTPS protocol, censors can still eavesdrop on the domain name and block the domain name upon suspicious network behavior. (Shame on the engineers who designed SNI!!)

Another thing to keep in mind is to avoid DNS leaks because DNS is also an unencrypted protocol. A possible workaround is to use DNSSEC or DoH (DNS over HTTPS)

TODO.