Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/MercuryWorkshop/epoxy-tls/llms.txt

Use this file to discover all available pages before exploring further.

Epoxy TLS is an encrypted proxy toolkit for browser JavaScript. It runs full SSL/TLS inside WebAssembly and uses the Wisp protocol to multiplex TCP and UDP connections over a single WebSocket — letting you make real HTTPS, WebSocket, TCP, and UDP connections from any browser page without CORS restrictions.

Quickstart

Make your first proxied fetch request in under 5 minutes

Installation

Install the npm package and learn about bundle variants

EpoxyClient API

Full reference for the EpoxyClient class and all its methods

Server Setup

Deploy epoxy-server, the high-performance Wisp server written in Rust

How it works

Traditional browser JavaScript is constrained by CORS — servers must explicitly allow cross-origin requests. Epoxy TLS sidesteps this entirely by tunneling your traffic through a Wisp server you control:
  1. epoxy-client (WebAssembly) establishes a WebSocket connection to your Wisp server
  2. Inside WASM, it performs a real TLS handshake with the destination server using rustls
  3. HTTP requests, WebSocket connections, and raw TCP/UDP streams flow through the encrypted tunnel
Because TLS runs inside WASM rather than in the browser’s network stack, the browser never sees the unencrypted traffic — your security properties are preserved even though CORS is bypassed.

What’s included

epoxy-client

npm package (@mercuryworkshop/epoxy-tls) with fetch(), WebSocket, TCP, TLS, and UDP APIs

epoxy-server

Performant Rust Wisp server binary with TLS, authentication, and host/port filtering

wisp-mux

Rust crate for building custom Wisp v1/v2 clients and servers with extension support

Key features

  • True end-to-end encryption — TLS runs in WASM; the proxy server never sees plaintext
  • Full HTTP/2 support — including streaming request/response bodies and gzip/brotli decompression
  • WebSocket proxying — connect to any WebSocket server with custom headers and subprotocols
  • Raw stream access — open TCP, TLS, and UDP streams as ReadableStream/WritableStream pairs
  • Wisp v2 extensions — UDP, MOTD, password authentication, certificate authentication
  • Custom transports — bring your own ReadableStream/WritableStream transport instead of a URL
  • Minimal bundle variant — HTTP/1-only build for smaller WASM payload sizes
Epoxy TLS requires a self-hosted Wisp server. The MercuryWorkshop demo server at wss://wisp.mercurywork.shop is available for testing but is throttled. Deploy epoxy-server for production use.

Quick example

import init, { EpoxyClient, EpoxyClientOptions } from "@mercuryworkshop/epoxy-tls";

await init();

const options = new EpoxyClientOptions();
options.wisp_v2 = true;

const client = new EpoxyClient("wss://your-wisp-server.example.com", options);

const res = await client.fetch("https://example.com");
console.log(await res.text());

Fetch Guide

HTTP requests with headers, bodies, redirects, and streaming

WebSocket Guide

Proxy WebSocket connections with custom protocols and headers

Raw Streams

Access raw TCP, TLS, and UDP as Web Streams API streams

Bundle Variants

Choose between full and minimal builds for your use case

Build docs developers (and LLMs) love

Get started for freeTalk to us