First, A Critical Clarification: This is NOT a Malicious Trojan Horse
Important Security Notice
"Trojan" in network security usually refers to malicious software. The Trojan protocol discussed here has NOTHING to do with malware. It's a completely legitimate, open-source proxy protocol designed for privacy and security.
The name can be confusing, but here's the key distinction: The Trojan protocol simply borrows the concept of the legendary Trojan Horse's ability to disguise itself. Just as the wooden horse appeared harmless to the people of Troy, the Trojan protocol makes your network traffic appear as normal, everyday HTTPS web browsing.
This is purely a metaphorical reference to the idea of "hiding in plain sight." The protocol itself is completely transparent, open-source, and designed with legitimate privacy goals in mind.
Etymology Clarification
The protocol was named "Trojan" because it "hides inside" legitimate HTTPS traffic, just like the mythical Trojan Horse hid soldiers inside what appeared to be a harmless gift.
The Core Concept: Hiding in Plain Sight by Imitating HTTPS
Most proxy protocols have their own unique "fingerprints" that advanced firewalls can identify and block. Trojan takes a completely different approach: instead of creating any new characteristics, it perfectly disguises its data stream as the most common and trusted traffic on the internet—HTTPS (secure web browsing).
To network censorship systems, your Trojan traffic looks exactly like visiting your bank, Google, or any other secure website, so they choose to let it pass through unchanged.
How Different Protocols Appear to Network Monitoring
- Traditional Protocols: "This looks like proxy traffic - BLOCK IT!"
- Trojan Protocol: "This looks like normal HTTPS - allow it through."
- Actual HTTPS: Real website traffic (indistinguishable from Trojan)
The Ultimate Camouflage
Trojan doesn't just look similar to HTTPS—it IS HTTPS from the perspective of any monitoring system. This makes it incredibly difficult to detect or block without affecting legitimate web browsing.
How Does Trojan Achieve This? The Technical Details
Understanding how Trojan works requires looking at its three-layer architecture that creates perfect HTTPS camouflage:
1. It's Not a Proxy, It's a Proxy Handler
Unlike other protocols that handle proxy logic themselves, Trojan acts as an intelligent "gatekeeper" that runs behind a real web server (like Nginx or Apache):
Internet User -> Web Server + Trojan
Trojan inspects incoming traffic and decides: "Is this a real visitor or a Trojan client?"
- Front Layer: A legitimate web server (Nginx/Apache) handles all incoming connections
- Detection Layer: Trojan examines each connection to identify authorized clients
- Proxy Layer: Only authenticated connections get forwarded to the proxy backend
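The detection layer described above, sketched as an added example (not code from this page or from the Trojan project): the first bytes decrypted from each TLS connection are checked for the header defined in the public Trojan protocol specification, hex(SHA224(password)), CRLF, then a SOCKS5-style request, and anything else goes to the real website. The function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

CRLF = b"\r\n"
TOKEN_LEN = 56  # length of a hex-encoded SHA-224 digest

def password_token(password):
    """Credential a client sends first: hex(SHA224(password))."""
    return hashlib.sha224(password.encode()).hexdigest().encode()

def parse_request(req):
    """Parse CMD | ATYP | DST.ADDR | DST.PORT | CRLF | payload, or return None."""
    if len(req) < 2 or req[0] not in (1, 3):   # 1 = CONNECT, 3 = UDP ASSOCIATE
        return None
    atyp, pos = req[1], 2
    if atyp == 1:                              # IPv4 address
        alen = 4
    elif atyp == 4:                            # IPv6 address
        alen = 16
    elif atyp == 3 and len(req) > 2:           # domain name, length-prefixed
        alen, pos = req[2], 3
    else:
        return None
    end = pos + alen
    if alen == 0 or len(req) < end + 4 or req[end + 2:end + 4] != CRLF:
        return None
    raw = req[pos:end]
    host = raw.decode("ascii", "replace") if atyp == 3 else str(ipaddress.ip_address(raw))
    port = int.from_bytes(req[end:end + 2], "big")
    return req[0], host, port, req[end + 4:]

def classify(first_bytes, tokens):
    """Route the first decrypted bytes of a TLS connection.

    Returns ("proxy", (cmd, host, port, payload)) for an authenticated client;
    anything else returns ("web", first_bytes) so the real site answers it.
    """
    head, sep = first_bytes[:TOKEN_LEN], first_bytes[TOKEN_LEN:TOKEN_LEN + 2]
    ok = len(head) == TOKEN_LEN and sep == CRLF
    # Compare against every token in constant time; no early exit on a match.
    ok = ok and any([hmac.compare_digest(head, t) for t in tokens])
    parsed = parse_request(first_bytes[TOKEN_LEN + 2:]) if ok else None
    return ("proxy", parsed) if parsed else ("web", first_bytes)

# Constructed samples: a browser request and a client using password "example-pass".
BROWSER = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
CLIENT = password_token("example-pass") + CRLF + b"\x01\x03\x0bexample.org\x01\xbb" + CRLF + b"hi"
TOKENS = {password_token("example-pass")}
```

Because this check runs only on bytes already decrypted by the TLS layer, a connection that fails it receives the same website response as any ordinary visitor.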
2. Real Website as a Disguise
This is where Trojan's genius truly shines. The server appears to be hosting a completely normal website:
Regular Visitor Experience
- Sees a normal website (blog, business, etc.)
- Can browse pages, read content normally
- Has no idea proxy functionality exists
Trojan Client Experience
- Provides correct password/certificate
- Gets full proxy functionality
- Traffic tunneled through proxy backend
3. Standard TLS Encryption
Trojan doesn't invent new encryption—it uses exactly the same TLS encryption that protects your online banking:
- Standard TLS 1.2/1.3: The same encryption used by all legitimate HTTPS websites
- Valid SSL Certificates: Uses real domain names with proper certificates
- Indistinguishable Traffic: Encryption signatures match normal HTTPS patterns exactly
Setup Requirement
Trojan requires a real domain name and SSL certificate to work properly. This makes it more complex to set up than some other protocols, but it's essential for the disguise to be effective.
Trojan vs. VLESS vs. VMess: Which is Best for You?
Each protocol excels in different scenarios. Here's an honest comparison to help you choose:
Trojan: Ultimate Disguise
Best For:
- Maximum censorship resistance
- High-risk environments
- Long-term stability
Trade-offs:
- Requires domain + SSL cert
- More complex setup
- Slightly higher resource usage
VLESS: Extreme Performance
Best For:
- Maximum speed
- Gaming and streaming
- Low-latency requirements
Trade-offs:
- Less camouflage than Trojan
- May be more detectable
- Newer, less mature
VMess: Maximum Flexibility
Best For:
- Custom configurations
- Multiple transport options
- Advanced users
Trade-offs:
- Highest performance overhead
- Most complex configuration
- Time synchronization needed
Quick Decision Guide
- Choose Trojan if: Detection avoidance is your #1 priority
- Choose VLESS if: Speed and performance matter most
- Choose VMess if: You need maximum configuration options
For detailed technical comparisons, check out our comprehensive guides: VLESS protocol guide and VMess protocol guide.
Ready to Use the Power of Disguise?
Trojan is a powerful tool for bypassing advanced network censorship. Its ability to perfectly mimic HTTPS traffic makes it one of the most resilient proxy protocols available. You can find working nodes in our regularly updated list.
Popular Trojan-Compatible Clients
- v2rayN (Windows): Full Trojan protocol support
- v2rayNG (Android): Mobile Trojan client
- Shadowrocket (iOS): Premium iOS Trojan client
- Clash for Windows: Cross-platform with Trojan support
- QuantumultX (iOS): Advanced iOS proxy client
- Trojan-Go: Enhanced server implementation
Server Setup Tip
If you're setting up your own Trojan server, remember to host a real website on the same domain. This completes the disguise and makes the camouflage perfect. A simple blog or business website works great!