npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

demergi

v2.2.3

Published

A proxy server that helps to bypass the DPI systems implemented by various ISPs

Downloads

79

Readme

Last version Docker image size License


Demergi

A zero dependency proxy server that helps to bypass the Deep Packet Inspection (DPI) systems implemented by various ISPs.

How does it work?

Although traffic over an HTTPS connection is encrypted, the client and server exchange some information during the initial TLS handshake to negotiate the encryption. In this initial handshake, the client sends the name of the server it is contacting in clear text (ClientHello packet) so that the server knows which certificate to provide. Deep Packet Inspection (DPI) systems can intercept this communication and block the connection. To avoid detection, Demergi fragments and modifies this initial packet.

There are promising solutions to the problem of hiding as much information as possible in the initial handshake of a TLS connection, one being Encrypted Client Hello (ECH). However, until these solutions are fully deployed, tools such as Demergi can be useful as evasion mechanisms.

To learn more about how a TLS connection works, I recommend these excellent resources:

For HTTP traffic, Demergi also modifies the packet header to make interception more difficult, but as the traffic is not encrypted, this should be avoided where possible.

[!WARNING] Demergi should not be used as a replacement for a VPN if you are concerned about the consequences of your traffic being detected, as the techniques used are not infallible, but are good enough to access blocked content from your own network without the need for a VPN.

How do I use it?

Demergi is an HTTP/HTTPS proxy server designed to be deployed within the network where traffic is being blocked. Either on the device you wish to access the content from or on a network appliance.

Simply deploy it and adjust the proxy settings of your browser or other software to connect through Demergi.

Command line

You can install Demergi with npm:

npm install -g demergi

Or directly download the latest version from the releases section.

[!NOTE] If you want to install it as a service, you can use the following systemd unit or macOS launchd service as a reference.

Once installed, you can run it with the demergi command.

$ demergi --help
Usage: demergi [OPTION]...

A proxy server that helps to bypass the DPI systems implemented by various ISPs.

Proxy:
  -A, --addrs STR, $DEMERGI_ADDRS
  The address list separated by commas or spaces to bind the server to
  ("[::]:8080" by default).

  -H, --hosts STR, $DEMERGI_HOSTS
  The host list separated by commas or spaces to apply the evasion techniques,
  will be applied to all hosts if unspecified (unspecified by default).

  -W, --workers NUM, $DEMERGI_WORKERS
  The number of workers (0 by default).

  --tls-ca STR, $DEMERGI_TLS_CA
  Path to the TLS certificate bundle used to verify the client identity
  (unspecified by default).

  --tls-key STR, $DEMERGI_TLS_KEY
  Path to the server TLS key (unspecified by default).

  --tls-cert STR, $DEMERGI_TLS_CERT
  Path to the server TLS certificate (unspecified by default).

  --inactivity-timeout NUM, $DEMERGI_INACTIVITY_TIMEOUT
  Maximum time in ms before the connection is closed due to inactivity
  (60000 by default).

  --happy-eyeballs BOOL, $DEMERGI_HAPPY_EYEBALLS
  Enable Happy Eyeballs algorithm (RFC 8305) (EXPERIMENTAL) (false by default).

  --happy-eyeballs-timeout NUM, $DEMERGI_HAPPY_EYEBALLS_TIMEOUT
  Maximum time in ms for IPv6 before trying IPv4 (250 by default).

Resolver:
  --dns-mode STR, $DEMERGI_DNS_MODE
  The DNS resolver mode, valid values are "plain", "doh" and "dot" ("doh" by
  default).

  --dns-cache-size NUM, $DEMERGI_DNS_CACHE_SIZE
  The maximum number of entries in the DNS cache (100000 by default).

  --doh-url STR, $DEMERGI_DOH_URL
  The DoH server URL ("https://1.0.0.1/dns-query" by default).

  --doh-tls-servername STR, $DEMERGI_DOH_TLS_SERVERNAME
  The server name to check in the DoH server certificate (unspecified by
  default).

  --doh-tls-pin STR, $DEMERGI_DOH_TLS_PIN
  The pin to check in the DoH server certificate. The pin must be a base64
  encoded SHA256 hash of the public key (unspecified by default).

  --dot-server STR, $DEMERGI_DOT_SERVER
  The DoT server host and optionally port ("1.0.0.1" by default).

  --dot-tls-servername STR, $DEMERGI_DOT_TLS_SERVERNAME
  The server name to check in the DoT server certificate (unspecified by
  default).

  --dot-tls-pin STR, $DEMERGI_DOT_TLS_PIN
  The pin to check in the DoT server certificate. The pin must be a base64
  encoded SHA256 hash of the public key (unspecified by default).

HTTPS:
  --https-clienthello-size NUM, $DEMERGI_HTTPS_CLIENTHELLO_SIZE
  The maximum chunk size in bytes for the ClientHello packet. A less than 1
  value disables fragmentation (40 by default).

  --https-clienthello-tlsv STR, $DEMERGI_HTTPS_CLIENTHELLO_TLSV
  The TLS protocol version to set in the ClientHello packet, valid values are
  "1.0", "1.1", "1.2" and "1.3" ("1.3" by default).

HTTP:
  --http-newline-separator STR, $DEMERGI_HTTP_NEWLINE_SEPARATOR
  The string to use to separate new lines ("\r\n" by default).

  --http-method-separator STR, $DEMERGI_HTTP_METHOD_SEPARATOR
  The string to use to separate the HTTP method from the target (" " by
  default).

  --http-target-separator STR, $DEMERGI_HTTP_TARGET_SEPARATOR
  The string to use to separate the target from the HTTP version (" " by
  default).

  --http-host-header-separator STR, $DEMERGI_HTTP_HOST_HEADER_SEPARATOR
  The string to use to separate the host header key from its value (":" by
  default).

  --http-mix-host-header-case BOOL, $DEMERGI_HTTP_MIX_HOST_HEADER_CASE
  Alternate upper and lower case in the host header (true by default).

Info:
  -l, --log-level STR, $DEMERGI_LOG_LEVEL
  The log level, valid values are "debug", "info", "warn", "error" and "none"
  ("info" by default).

  -v, --version
  Show version and quit.

  -h, --help
  Show this help and quit.

Docker/Podman

Demergi is also distributed in container images. The default behaviour can be changed using environment variables or container arguments.

Docker Hub:

docker run -p 8080:8080 docker.io/hectorm/demergi:latest

GitHub Container Registry:

docker run -p 8080:8080 ghcr.io/hectorm/demergi:latest

License

MIT License © Héctor Molinero Fernández.