dpyproxy 2.2.0__tar.gz

dpyproxy-2.2.0/.gitignore

@@ -0,0 +1,166 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+#   in version control.
+#   https://pdm.fming.dev/#use-with-ide
+.pdm.toml
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+.idea/
+
+# Custom
+working_resolver_config.json
+
+# ruff
+.ruff_cache/

dpyproxy-2.2.0/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

dpyproxy-2.2.0/PKG-INFO

@@ -0,0 +1,296 @@
+Metadata-Version: 2.4
+Name: dpyproxy
+Version: 2.2.0
+Summary: Python proxy that implements DPI evasion mechanisms (TLS record fragmentation, TCP segmentation, encrypted DNS, HTTP)
+Project-URL: Homepage, https://github.com/UPB-SysSec/DPYProxy
+Project-URL: Issues, https://github.com/UPB-SysSec/DPYProxy/issues
+Author-email: Niklas Niere <niklas.niere@upb.de>, Felix Lange <felix.lange@upb.de>
+License-Expression: Apache-2.0
+License-File: LICENSE
+Keywords: censorship,dns,dpi,http,privacy,proxy,tls
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: End Users/Desktop
+Classifier: Operating System :: MacOS
+Classifier: Operating System :: Microsoft :: Windows
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Internet :: Proxy Servers
+Requires-Python: >=3.10
+Requires-Dist: aioquic>=1.3.0
+Requires-Dist: anyio>=4.14.0
+Requires-Dist: attrs>=26.1.0
+Requires-Dist: certifi>=2026.5.20
+Requires-Dist: cffi>=2.0.0
+Requires-Dist: cryptography>=49.0.0
+Requires-Dist: dnspython>=2.8.0
+Requires-Dist: exceptiongroup>=1.2.2; python_version < '3.11'
+Requires-Dist: h11>=0.16.0
+Requires-Dist: h2>=4.3.0
+Requires-Dist: hpack>=4.1.0
+Requires-Dist: httpcore>=1.0.9
+Requires-Dist: httpx>=0.28.1
+Requires-Dist: hyperframe>=6.1.0
+Requires-Dist: idna>=3.18
+Requires-Dist: pyasn1-modules>=0.4.2
+Requires-Dist: pyasn1>=0.6.3
+Requires-Dist: pycparser>=3.0
+Requires-Dist: pylsqpack>=0.3.24
+Requires-Dist: pyopenssl>=26.3.0
+Requires-Dist: pytest>=9.1.0
+Requires-Dist: ruff>=0.15.17
+Requires-Dist: service-identity>=26.1.0
+Requires-Dist: sniffio>=1.3.1
+Requires-Dist: typing-extensions>=4.12.2; python_version < '3.12'
+Description-Content-Type: text/markdown
+
+# DPYProxy
+DPYProxy is a python proxy that implements DPI evasion mechanisms. To circumvent TLS censorship, TLS record fragmentation and TCP
+segmentation are implemented. To circumvent DNS censorship, DPYProxy uses encrypted DNS and TCP segmentation. All DPI evasion mechanisms can be enabled separately.
+
+DPYProxy comes with a TLS and DNS module circumventing TLS and DNS censorship respectively. Both modules are enabled by default:
+
+
+### DNS Module
+You can run the DNS module of DPYProxy locally or on a separate machine. It functions as a DNS resolver that circumvents
+DNS censorship. In a typical setup, DPYProxy runs locally replacing your previous DNS resolver in your system setup.
+
+The DNS module automatically determines a working circumvention method and DNS resolver. You can also specify a 
+circumvention method and resolver manually (see Usage). 
+
+The DNS module saves working circumvention methods and resolvers to a file `working_resolvers.json`. This file is loaded
+on startup to speed up the determination of a working circumvention method. You can force re-determination using the 
+`--dns_skip_working_file` flag.
+
+### TLS Module
+You can run the TLS Module of DPYProxy locally or on a separate machine. It functions like an HTTP CONNECT/SOCKSv4/SOCKSv5 proxy. I.e., you can specify
+it as your Firefox/Chrome/System Proxy.
+
+In a typical setup, DPYProxy runs locally replacing your previous proxy in your browser or system setup. You can specify
+your previous proxy as a forward proxy for DPYProxy. This can be helpful if you need DPYProxy for DPI evasion and a
+separate proxy for IP censorship circumvention.
+
+The TLS module does not automatically determine a working circumvention method. You need to specify the circumvention 
+method manually (see Usage). However, by default, the TLS module uses the DNS module to resolve DNS queries. 
+Thus, if you run both modules, the DNS module automatically determines a working circumvention method for DNS queries 
+used by the TLS module.
+
+### HTTP Module
+You can run the HTTP module of DPYProxy locally or on a separate machine. It functions like an HTTP CONNECT/SOCKSv4/SOCKSv5 proxy. I.e., you can specify
+it as your Firefox/Chrome/System Proxy.
+
+In a typical setup, DPYProxy runs locally replacing your previous proxy in your browser or system setup. You can specify
+your previous proxy as a forward proxy for DPYProxy. This can be helpful if you need DPYProxy for DPI evasion and a
+separate proxy for IP censorship circumvention.
+
+The HTTP module does not automatically determine a working circumvention method. You need to specify the circumvention 
+method manually (see Usage). Simple HTTP request alterations (e.g., lowercase request) and HTTP Request Smuggling 
+strategies are implemented. A list of all implemented strategies can be found in: modules/http/HttpStrategies. 
+**Be careful: HTTP request smuggling is a network attack against benign hosts and its implementation is experimental.
+Plain HTTP traffic is also visible to any party that can read your traffic (such as your ISP). Use HTTPS (HTTP over TLS)
+instead**
+
+> The HTTP module is disabled by default. Enable by providing --disabled-modules ""
+
+> HTTP request smuggling can be dangerous: https://portswigger.net/web-security/request-smuggling. Only enable if you
+> know what you are doing and only use it against servers you have permission access via request smuggling. 
+> HttpStrategies 100-129 are HTTP request smuggling strategies.
+
+# Requirements
+You can run DPYProxy with Python or Docker. The requirements for both options are listed below.
+- python3 (if you want to run DPYPRoxy with Python)
+  - `sudo apt install python3`
+  - `pip3 install .` to run as module with `python3 main.py` or `python3 -m dpyproxy`
+  - OR [install hatch](https://hatch.pypa.io/latest/install/) and run using `hatch run dpyproxy`
+- docker (if you want to run DPYProxy in a container)
+  - https://docs.docker.com/engine/install/
+  
+# Quick Start
+Start DPYProxy with Docker: 
+```sh
+docker-compose up
+```
+Alternatively, start DPYProxy with Python:
+```sh
+python3 main.py --tls_record_frag --tls_tcp_frag --tls_frag_size 20 --tls_port 4433 --dns_port 5533
+```
+After automatically determining a circumvention method, the expected output looks like this:
+```
+INFO:root:DNS Module and TLS module found. Setting DNS server for TLS Module
+INFO:root:Determining working circumvention method / resolver!
+### Started TCP proxy on localhost:4433 ###
+INFO:root:Found working circumvention method / resolver UDP - 1.0.0.3:53! Checking if consistently reachable!
+INFO:root:UDP - 1.0.0.3:53 consistently reachable, keeping!
+INFO:root:Finding consistent mode and starting resolvers took 0.0792999267578125 seconds in total.
+### Started UDP DNS server on 127.0.0.1:5533 ###
+### Started TCP DNS server on 127.0.0.1:5533 ###
+```
+
+DPYProxy now resolves all DNS requests to port 5533. 
+You can send a DNS request to the DNS server using `dig`:
+```sh
+dig wikipedia.org @127.0.0.1 -p 5533
+```
+
+You can also configure the DNS resolver `127.0.0.1:5533` in any application that supports custom DNS resolvers, e.g., in your browser or system settings.
+
+You can test the TLS circumventions using curl
+```sh
+curl -p -x localhost:4433 https://www.wikipedia.org
+```
+
+Detailed usage of DPYPRoxy-DNS and the original TLS module can be found below.
+
+# Usage
+
+```
+usage: main.py [options]
+
+Proxy for circumventing DPI-based censorship.
+
+TLS Module:
+  --tls_disabled_modes {HTTP,HTTPS,SNI,SOCKSv4,SOCKSv4a,SOCKSv5}
+                        List of proxy modes to ignore. By default, all none are disabled. Hence, all are enabled
+  --tls_timeout TLS_TIMEOUT
+                        Connection timeout in seconds
+  --tls_host TLS_HOST   Address the proxy server runs on
+  --tls_port TLS_PORT   Port the proxy server runs on
+  --tls_record_frag, --no-tls_record_frag
+                        Whether to use record fragmentation to forwarded TLS handshake messages (default: True)
+  --tls_tcp_frag, --no-tls_tcp_frag
+                        Whether to use TCP fragmentation to forwarded messages. (default: True)
+  --tls_frag_size TLS_FRAG_SIZE
+                        Bytes in each TCP/TLS record fragment
+  --tls_dns_server_ip TLS_DNS_SERVER_IP
+                        DNS server IP for all DNS queries of the TLS module. If not given, the DNS server started by the DNS module us used. If DNS module is not used, the OS default DNS server is used.
+  --tls_dns_server_port TLS_DNS_SERVER_PORT
+                        DNS server port for all DNS queries. Only set if a DNS server IP is given. If not given, the default port 53 is used.
+  --tls_forward_proxy_host TLS_FORWARD_PROXY_HOST
+                        Host of the forward proxy if any is present
+  --tls_forward_proxy_port TLS_FORWARD_PROXY_PORT
+                        Port the forward proxy server runs on
+  --tls_forward_proxy_mode {HTTP,HTTPS,SNI,SOCKSv4,SOCKSv4a,SOCKSv5}
+                        The proxy type of the forward proxy
+  --tls_forward_proxy_resolve_address, --no-tls_forward_proxy_resolve_address
+                        Whether to resolve domains before including them in the HTTP CONNECT request to the second proxy (default: False)
+
+DNS Module:
+  --dns_mode DNS_MODE   Mode that the DNS proxy operates in. Default AUTO. If not set to AUTO, still attempts to automatically determine a resolver for the configured mode. To pre-define the used DNS mode and server set this flag and the dns_resolver_host and optionally the dns_resolver_port flags.
+  --dns_timeout DNS_TIMEOUT
+                        Connection timeout in seconds. For the LAST_RESPONSE mode this timeout will always be reached. Set this timeout and the timeout of calling application accordingly.
+  --dns_host DNS_HOST   Address the proxy server runs on
+  --dns_port DNS_PORT   Port the proxy server runs on
+  --dns_resolver_host DNS_RESOLVER_HOST
+                        DNS resolver IP. If set, must correspond to the selected dns_mode.
+  --dns_resolver_port DNS_RESOLVER_PORT
+                        DNS resolver port. If set, must correspond to the selected dns_mode. If unset, port is chosen based on the chosen or determined mode's standard port
+  --dns_censored_domain DNS_CENSORED_DOMAIN
+                        A domain name censored in your location. Used to determine working circumventions methods. Specify together with --dns_censored_domain_ip
+  --dns_compare_ip_ranges DNS_COMPARE_IP_RANGES
+                        A list of IP ranges the resolved IP of the censored domain lies in. The censored domain is specifiable in --dns_censored_domain.
+  --dns_block_page_ips DNS_BLOCK_PAGE_IPS
+                        Whether the given IP ranges to compare are block page IPs or not. Default is False.
+  --dns_add_sni DNS_ADD_SNI
+                        Whether or not to include the SNI for encrypted DNS modes. Defaults to True.
+  --dns_skip_working_file DNS_SKIP_WORKING_FILE
+                        Whether taking the stored working resolver from a file should be skipped. Defaults to False.
+
+HTTP Module:
+  --http_timeout HTTP_TIMEOUT
+                        Connection timeout in seconds
+  --http_host HTTP_HOST
+                        Address the proxy server runs on
+  --http_port HTTP_PORT
+                        Port the proxy server runs on
+  --http_strategy HTTP_STRATEGY
+                        Number of which specific http manipulation strategy to apply. None: no manipulation, [1..70]: basic manipulations, [101, 129]: Smuggling.See HttpStrategies for meaning.
+  --http_smuggling_uncensored_url HTTP_SMUGGLING_UNCENSORED_URL
+                        Uncensored url to use for http smuggling.
+
+Standard options:
+  -h, --help            Show this help message and exit
+  --debug, --no-debug   Turns on debugging (default: False)
+  --disabled_modules DISABLED_MODULES
+                        List of proxy modules to disable. By default, all none are disabled. Hence, all are enabled
+```
+
+## Examples
+
+`python3 main.py --disabled_modules TLS` launches DPYProxy with just the DNS module enabled. The TLS module is disabled and not
+used at all. The DNS module starts in its auto mode by default.
+
+`python3 main.py --tls_record_frag --no-tls_tcp_frag` launches DPYProxy with TLS record fragmentation enabled. TCP fragmentation is 
+turned off. The DNS module is also enabled with its default auto mode to determine a working circumvention. Using this circumvention, a
+resolver is started that can be used on the system in general and is used by the TLS module by default.
+
+`python3 main.py --tls_frag_size 100` launches DPYProxy with both TLS record and TCP fragmentation
+and sets the fragment size to 100 bytes. The TLS record will be of size 100 while the encompassing TCP segments will be
+just large enough to contain the fragmented TLS record. The DNS module is also enabled with its default auto mode to determine a working circumvention. Using this circumvention, a
+resolver is started that can be used on the system in general and is used by the TLS module by default.
+
+`python3 main.py --http_smuggling 23 --http_smuggling_uncensored_url 2` launches DPYProxy with HTTP Request Smuggling strategy number 23 enabled, using the second of three incorporated urls that are found to be uncensored (in china).  This specific strategy includes the Content-Length Header to set the bounds before the hidden request and the Transfer-Encoding Header to set them after the body to hide the second request. Additionally the Transfer-Encoding Header gets modified to include a 
+second Colon (Transfer-Encoding:: chunked). 
+A list of all implemented smuggling strategies (and direct manipulations) can be found in: modules/http/HttpStrategies. There you will also find the three uncensored urls.
+
+
+`python3 main.py --record_frag --forward_proxy_address 192.168.0.1 --forward_proxy_port 8080 --forward_proxy_mode HTTPS 
+--forward_proxy_resolve_address` launches DPYProxy with TLS record fragmentation and a forward proxy. The forward proxy 
+is specified by its address and port. While DPYProxy accepts HTTP GET, HTTP CONNECT and TLS ClientHello messages for 
+proxying, it connects to the forward proxy using HTTP CONNECT. The DNS module is also enabled with its default auto mode to determine a working circumvention. Using this circumvention, a
+resolver is started that can be used on the system in general and is used by the TLS module by default.
+
+## Testing
+
+Setup DPYProxy using 
+```sh
+python3 main.py --tls_record_frag --tls_tcp_frag --tls_frag_size 20 --tls_port 4433 --dns_port 5533
+```
+
+You can test the TLS circumventions using curl
+```sh
+curl -p -x localhost:4433 https://www.wikipedia.org
+```
+
+Using some kind of capturing tool like Wireshark, you can inspect the fragmented TLS records and TCP segments.
+
+You can test the DNS circumventions using dig
+```sh
+dig wikipedia.org @127.0.0.1 -p 5533
+```
+
+Using some kind of capturing tool like Wireshark, you can inspect the made DNS requests for the selected circumvention strategy.
+# Docker
+
+You can run DPYProxy in a Docker container. A standard setting is provided in the `docker-compose.yml` file. You can
+also build the image yourself using the provided `Dockerfile` or change the parameters in the `docker-compose.yml` file.
+
+Start the container with: 
+```sh
+docker-compose up
+```
+
+# Roadmap
+
+We developed DPYProxy when writing a blogpost in which we circumvented the GFW with TLS record fragmentation. Thus, the 
+functionality of DPYProxy is currently limited. Below, I gathered some potential avenues for the future.
+
+## Implemented
+- [x] HTTP Connect Proxy
+- [x] SNI Proxy
+- [x] DNS Resolver
+- [x] Socksv4/Sockv5 proxy
+- [x] TLS record fragmentation
+- [x] TCP Fragmentation
+- [x] HTTP Circumventions
+
+## Todo
+- [ ] unit tests...
+- [ ] IPv6
+
+## Maintainance
+- Run `ruff check --fix` to fix the auto fixable lint issues.
+- Run `ruff format .` to pretty the code. Few could need a manual effort.