hexchat 0. Protocol Overview This protocol uses an xmpp chat service as a means to forward tcp traffic from one computer to another. It listens on a port on one computer and forwards data through a chat server to another computer logged into the same chat server. 1. Motivation Many countries that censor their citizens' internet access allow access to xmpp chat servers such as google chat. With the appropriate software, these chat servers can be used to connect and relay traffic to tor bridges. Since most xmpp servers support encryption, it would be difficult stop tor traffic from being relayed through xmpp chat servers without blocking access to the chat server itself. 2. Connecting a. The client sends a connection request to the server. The connection request will be in the form of an IQ if the client knows the server's full JID (user@server/resource). Otherwise, it will be in the form of a message. Enclosed in the message/IQ is information concerning the source ip:port, the ip:port the server should connect to, and a list of JIDs that the client can be reached by. b. The server acknowledges the connection request The server indicates whether the connection succeeded or failed in an IQ stanza. If the connection succeeded, the server sends a list of JIDs that it can be reached by in this IQ stanza. The IQ also contains stanzas that uniquely identify the connection by source ip:port and destination ip:port. 4. Data Exchange a. Data is read from a socket When data is read, it is sent in an IQ stanza. The data itself is base 64 and enclosed in a data stanza. The IQ also contains stanzas that uniquely identify the connection by source ip:port and destination ip:port. b. Data is recieved from the chat server The data is decoded from base 64 and sent to the appropriate socket. 5. Disconnecting a. A disconnect request is sent Disconnect requests are sent in IQ stanzas. The IQ also contains stanzas that uniquely identify the connection by source ip:port and destination ip:port. 6. Error handling When a bot sends XML to a user that is not logged in, the chat server replies in the recipient's stead with an error message. When a bot receives such an error message, it disconnects and sends disconnect requests to a different JID (acquired from the list if JIDs given during the connection phase) until the message goes through or it runs out of alternative JIDs. 9. Acknowledgments Thanks to asn, xnyhps, and the other tor developers for encoraging this idea and all of the useful feedback.