How to implement protection against application traffic proxification?
There is a certain program that exchanges data with a remote server.
An effective method is needed to determine whether traffic is passing through a third-party server (HTTP/SOCKS proxy) when an application is forced to do so (e.g. by the Proxifier program).
The essence of the task is to prevent attempts to redirect traffic for its further analysis/modification.
Only protocol obfuscation + HTTPS will help. Like Skype, for example.
HTTPS itself is easily eavesdropped when run through squid+sslbump.
Perhaps listening can be delayed for some time by using certificates hardwired into the client and establishing an SSL connection only with these certificates. Then, until the application is recompiled with new certificates or they figure out how to use the client certificate in squid (and you still need to get it), they will not be able to listen to the traffic. Here the question arises of the need for wiretapping (the value of the information) and the obstinacy of the one who will do this. Script kiddies will not get around this, but any cryptomaniac will, at times.
They will be able to sniff the application no matter how hard you try. The solution is perhaps HTTPS + your packet encoder.
SSL will solve your problems. Although MITM is still possible.
If you have self-written encryption, then do this (roughly):
The remote server returns a random string for each request (or just a sequence number).
Append this string to the next data you send, encrypt it and give it to the server; it decrypts it and checks the random string for equality. Thus, until the MITM knows the key, it will not be able to retransmit the packet.
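The nonce check described in the last answer, as an added example that is not part of the original post. It uses HMAC-SHA256 from the Python standard library in place of the answer's self-written encryption, so it shows replay and tamper rejection only, not confidentiality. The `Server` class, `client_build`, the key and the packet layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a shared secret provisioned out of band (constructed value).
KEY = b"constructed-demo-key-not-for-production"

class Server:
    """Issues a fresh nonce per request and accepts each nonce exactly once."""
    def __init__(self, key):
        self.key = key
        self.pending = set()  # nonces issued but not yet consumed

    def issue_nonce(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def accept(self, packet):
        # Packet layout (constructed for this example): nonce(16) | tag(32) | payload
        if len(packet) < 48:
            return None
        nonce, tag, payload = packet[:16], packet[16:48], packet[48:]
        expected = hmac.new(self.key, nonce + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # modified in transit, or sender lacks the key
        if nonce not in self.pending:
            return None  # unknown or already consumed nonce: a replay
        self.pending.discard(nonce)  # single use
        return payload

def client_build(key, nonce, payload):
    """Bind the server's nonce to the payload with a keyed tag."""
    tag = hmac.new(key, nonce + payload, hashlib.sha256).digest()
    return nonce + tag + payload

def demo():
    srv = Server(KEY)
    pkt = client_build(KEY, srv.issue_nonce(), b"balance?")
    first = srv.accept(pkt)    # genuine packet is accepted
    replay = srv.accept(pkt)   # same bytes resent by a relay are rejected
    tampered = bytearray(client_build(KEY, srv.issue_nonce(), b"pay 10"))
    tampered[-1] ^= 0x01       # relay flips one payload bit
    forged = srv.accept(bytes(tampered))
    return first, replay, forged

if __name__ == "__main__":
    print(demo())
```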