A simple python tool to pinpoint the IP addresses of machines working for the Great Firewall of China.
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md updated the README with fqrouter's shoutout May 9, 2013
mongol.py added a timeout to the second socket instance Dec 18, 2012



Mongol.py is a tool that was inspired by a research paper[0] that described the physical location and number of routers acting for the Great Firewall (GFW) of China

Mongol is effectively a implementation of the research tool used by Xu etc all, with the intent to demystify some aspects of the GFW. It is built using scapy[1] for some of the TCP header modification requirements

[0] http://pam2011.gatech.edu/papers/pam2011--Xu.pdf

[1] http://www.secdev.org/projects/scapy/


User @fqrouter has been running with this concept and taken it far past my initial ideas.

Please check out his work at: https://github.com/fqrouter/qiang


python mongol.py -i hostslist.txt -o outputfilename.txt

hostslist.txt --- The input file is a newline seperated list of ip's and domain names of websites hosted within china.

outputfilename.txt --- The output file will be location where ip addresses of found filtering devices will be printed.

##How it works

Mongol MUST be run on a device that is Internet facing, aka NOT behind a router or firewall.

Mongol works by stimulating the keyword filtering that the GFW uses. First we create a test connection and check that the site is indeed hosting a webserver and is live. Then by sending the stimulus 'tibetalk' the keyword filtering will become active. Finally we run a TCP header traceroute and find the last hop before RST packets are sent back. RST packets are the GFW's method of stopping connections with filtered keywords.