Telegram MTProto Proxy: Everything You Need to Know

By Ava McKinneyOnline Safety

Telegram MTProto Proxy: Everything You Need to Know

After the Telegram blockades in Iran and Russia, a new type of proxy—specifically, a new protocol called MTProto Proxy—started appearing in beta versions of the messenger. This protocol was created by the Telegram team to help bypass censorship, but how effective is it?

Current Proxy Types in Telegram

The main type of proxy Telegram currently uses is SOCKS. It has a critical flaw: the login and password are transmitted in plain text when connecting to the proxy. While this doesn’t allow someone to hijack your Telegram account, it does let anyone monitoring the proxy see that, for example, Ivan Ivanov is using Telegram. In countries that use DPI (Deep Packet Inspection) to analyze traffic, this is exactly how they detect and block prohibited traffic.

What Does Durov Offer?

MTProto Proxy, part of the MTProto protocol family (which Telegram itself uses), solves several problems:

  • To connect, you only need a password instead of a login and password.
  • The traffic is almost indistinguishable from regular HTTPS/TLS traffic.
  • The password is not sent to the server during connection.
  • All traffic is encrypted.
  • Only Telegram can use the proxy (other apps won’t work through it).

Promoted Channels

These features make MTProto Proxy highly specialized for Telegram use only. You can’t use it for general internet traffic, which, surprisingly, is a huge advantage.

Telegram-Only Proxies

Previously, channels and bots would create their own proxies and distribute them to maintain their audience during blockades. These proxies would end up on global proxy lists and were often used for spam and other malicious activities. With MTProto Proxy, you can’t break the law this way—the worst that can happen is Telegram banning your IP address.

For example, with SOCKS proxies, if someone tried to hack a bank or government agency through your proxy, your hosting provider would receive an official complaint and, at best, just block you; at worst, you could end up in court.

Promoted Channels Explained

Promoted channels are channels you are automatically subscribed to when you connect to a proxy. They are pinned at the top of your chat list and can’t be removed unless you disconnect from the proxy. In other words, Telegram now allows proxy owners to monetize their proxies. Previously, you could use a proxy from Channel X (because it was faster) but ignore its content and read Channel Y instead, leaving Channel X to pay for proxy maintenance with no benefit. Now, using a proxy means you pay by subscribing to the channel, which can lead to a surge in proxy creation. The more users on your proxy, the more subscribers your channel gets, and the more valuable your advertising becomes.

Encrypted Traffic

Using Wireshark to analyze the traffic through the proxy, it looks like a regular TCP/SSL connection (without some of the headers specific to HTTPS). In other words, the traffic can be disguised as solutions like Cisco AnyConnect or similar TCP+SSL-based systems. Inside the tunnel, the traffic is a “mess” of encrypted data, protected by the password or secret phrase you enter when connecting, as well as all the features of SSL/TLS.

When Will It Be in Production?

Currently, MTProto Proxy is available in the stable versions of Telegram for OS X and Android, and in beta versions of Telegram Desktop and iOS Telegram X. We’re waiting for a full production release in the Desktop and regular iOS clients. After that, expect an official announcement from the Telegram team explaining the benefits and next steps.

Where Can You Test It?

There’s a semi-official proxy found in Telegram chats that works perfectly with the new protocol and appears to be run by one of the developers:

t.me/proxy?server=proxy.digitalresistance.dog&port=443&secret=d41d8cd98f00b204e9800998ecf8427e

Additionally, enthusiasts on GitHub are analyzing the source code to create their own proxy servers (there’s no official one yet). Here are a few projects: PHP, C#, Rust.

Bonus: Upcoming Features

In the latest version of the VOIP library used by Telegram, support for conference mode was found, so it looks like two big announcements are coming soon.

Updates

  • MTProto Proxy is now part of Telegram’s infrastructure. When Telegram is evading blocks, it multiplies and moves copies of its MTProto Proxy between hosting providers, while the main processing servers stay put. Soon, Telegram will allow users to deploy part of its infrastructure themselves. (The protocol for “native” proxies may differ from what’s currently implemented in Telegram clients as MTProto.)
  • For more details, see a similar post by Anna from Vee Security about proxy types in Telegram and MTProto Proxy, including an analysis of the encryption method.
  • The creators of TgVPN are asking users to test their MTProto Proxy: mtproto.tgproxy.cloud/mtproxy.html
  • The most stable MTProto server version (in my opinion) is written in Rust and available on GitHub: github.com/dotcypress/mtproxy

How to Launch Your Own Proxy

sudo docker run --name 'mtproto_proxy' --restart unless-stopped -p 1984:1984 -dti dotcypress/mtproxy -s 'proxy secret'

Replace proxy secret with your own phrase, which will be used to generate the key.

To get the key:

docker logs mtproto_proxy

Leave a Reply