libcurl.js

libcurl.js is a port of the popular libcurl C library to WASM for use on the web. It allows you send end-to-end encrypted HTTPS requests from the browser, bypassing CORS without the proxy server being able to read request contents.

See the Github repository for more information. Packages are available on NPM.

Features:

Provides an API compatible with the browser's native Fetch API
End-to-end encryption between the browser and the destination server
Bypass CORS restrictions without compromising on privacy
Support for up to TLS 1.3
Support for proxying HTTP/2 connections and WebSockets
High performance and low latency via multiplexing and reusing open connections
Works in all major browsers (Chromium >= 64, Firefox >= 65, Safari >= 14)
Small footprint size (552KB after compression) and low runtime memory usage
Support for Brotli and gzip compressed responses

Live Demo:

Waiting for libcurl.js to load...

Request Content:

WebSocket Network Traffic:

Libcurl Output:

Explanation:

In a traditional CORS proxy, your browser sends an HTTP request to a proxy server, which then reads the contents and sends a new request to the destination server. However, this is terrible for privacy, because the proxy server read the contents of the forwarded requests in plain text, which might include API keys or other secrets.

On the other hand, libcurl.js is a complete HTTPS and TLS client, which runs inside Javascript and WebAssembly on the browser. It performs TLS encryption locally in the browser, and sends the encrypted data over a Websocket to a proxy server, which forwards the data to a TCP socket. This ensures that there is end-to-end encryption between your browser and the destination server, and that the proxy server cannot see the contents of your requests.

The proxy server only deals with the data in the underlying TCP socket. That data will be encrypted with TLS until it gets to the destination server. Thus, you don't need to fully trust the proxy sever to use it safely.

The Wisp protocol is used to multiplex the TCP connections over a single WebSocket. It is a very simple and lightweight protocol which minimizes latency. The libcurl C library is used as an HTTP client, and Mbed TLS is used to facilitate encryption. Emscripten is used to compile these C libraries to WebAssembly.

Javascript API:

Including libcurl.js in your webpages is as simple as loading the JS bundle using a script tag.

<script src="https://cdn.jsdelivr.net/npm/libcurl.js@latest/libcurl_full.js" defer></script>

Or you can use the ES6 module on NPM:

import { libcurl } from "libcurl.js/bundled";

First, set the Wisp proxy URL. This example uses our public Wisp server:

libcurl.set_websocket(`wss://wisp.mercurywork.shop/`);

Then, you can perform HTTPS requests using a fetch-compatible API:

var r = await libcurl.fetch("https://ading.dev");
console.log(await r.text());

Try opening the browser console on this page and running the above code.

More documentation and examples are available on the project README.

License:

This project was written by ading2210 and it is licensed under the GNU LGPL v3.

This license is mainly applied to libraries. You may copy, distribute and modify the software provided that modifications are described and licensed for free under LGPL. Derivatives works (including modifications or anything statically linked to the library) can only be redistributed under LGPL, but applications that use the library don't have to be.

- From tldrlegal.com