LOGBOOK

HELP

Quiz Entry - updated: 2026.06.19

How does a Trojan proxy evade DPI by being "indistinguishable" from normal HTTPS?

It speaks genuine TLS 1.3 on port 443 to a real domain with a valid certificate, and falls back to a real website on a wrong password — so DPI sees nothing but ordinary HTTPS.

Real TLS 1.3 on 443; a correct in-channel password enters proxy mode, a wrong one serves a real website.

* Trojan proxy — a wrong password (or a probe) just yields an innocent website, so DPI sees ordinary HTTPS. *

A Trojan proxy is a proxy protocol designed so its traffic looks exactly like normal HTTPS, defeating filters and censorship. Its core principle is indistinguishability:

  • Real TLS 1.3 — the standard TLS protocol, just like a browser.
  • Port 443 — the standard HTTPS port, nothing unusual.
  • Valid SSL certificate — a real domain with e.g. a Let's Encrypt certificate.
  • Fallback website — on a wrong password, the server simply serves a real website.

Step by step: (1) client starts a TLS handshake with the Trojan server (looks like normal HTTPS); (2) client sends a password in the TLS-encrypted channel (hashed with SHA-224); (3) server checks the hash — correct → proxy mode, wrong → just show the website; (4) on success, a TLS tunnel carries arbitrary traffic.

Result: DPI cannot distinguish Trojan from normal HTTPS — and probing the server just shows an innocent website.

Tip: The fallback site is the clever bit — an active censor who connects to probe the server sees a perfectly normal website, so there's nothing suspicious to block.

From Quiz: PRIVACY / Anonymous Surfing, Tor & Location Tracking | Updated: Jun 19, 2026