diff --git a/readme.md b/readme.md
index 22b5562..df1b36e 100644
--- a/readme.md
+++ b/readme.md
@@ -14,14 +14,14 @@ A simple and fast software designed to bypass **Deep Packet Inspection**
 `$ go build ./cmd/...`  
 
 # Run
-## OSX
-`$ spoof-dpi`  
+### OSX
+Run `$ spoof-dpi`  
 
-## Linux
-Open your favorite browser with proxy option  
+### Linux
+Run `$ spoof-dpi` and open your favorite browser with proxy option  
 `google-chrome --proxy-server="http://127.0.0.1:8080"`
 
-## Windows
+### Windows
 Use [GoodbyeDPI](https://github.com/ValdikSS/GoodbyeDPI) instead
 
 # Usage
@@ -31,6 +31,18 @@ Usage: spoof-dpi [options...]
 -port=<port> | default: 8080
 ```
 
+# How it works
+### HTTP
+Since most of websites in the world now support HTTPS, SpoofDPI doesn't bypass Deep Packet Inspections for HTTP requets, However It still serves proxy connection for all HTTP requests.
+
+### HTTPS
+ Although the HTTPS requests are encryted with TLS, the domains are still shown as plaintext in the encryted requests. 
+ In other words, when someone else looks on a packet, they can easily identify where the packet is headed to.
+ I had tried some ways to bypass the inspections, and found out that only the first chunk is inspected when we send the encryted request in chunks. 
+ What SpoofDPI does to bypass this is to send the first 1 byte of a request to the server, 
+ and then send the rest.
+ > SpoofDPI doesn't decrypt your HTTPS requests, and that's why we don't need the SSL certificates.
+
 # Inspiration
 [Green Tunnel](https://github.com/SadeghHayeri/GreenTunnel)  
 [GoodbyeDPI](https://github.com/ValdikSS/GoodbyeDPI)