Browser Sandboxing with Browserling

What is an online browser sandbox?

An online browser sandbox, also known as an online URL sandbox, lets you securely and safely open a website that you don't trust in a browser that runs in an isolated environment outside of your network. If the website contains an exploit or malware, your computer and other computers on the local network are not at risk as the browser runs in Browserling's infrastructure. The browser that you get via Browserling runs in a virtual machine on Browserling's servers, and it's live and interactive. You can download files, click links, run programs, and all these actions happen inside a virtual machine. Once you close the browser sandbox, the virtual machine gets destroyed together with all files and running processes.

How does Browserling's browser sandbox work?

At Browserling, we developed a cloud-based technology that streams browsers that run on our servers to your browser. The technology is similar to VNC or Remote Desktop but it doesn't require additional installs and runs via JavaScript in your browser. When you request a new browser, we start a fresh virtual machine that has the requested browser installed, and establish a secure websocket connection from your browser to the virtual machine. The virtual machine then streams the desktop changes back to your browser. As the virtual machine runs outside of your network, it's completely sandboxed.

What are URL sandbox use-cases?

The most common URL sandbox use-cases are:

  • Opening links that you don't trust. Let's say you receive an email with a link but you aren't sure if it's safe. It could contain a virus, malware, or ransomware that could infect your computer. If you open it in a sandboxed browser, then you can see what's behind the link without risking infecting your computer.
  • Testing phishing links. Hackers often send fake emails that look like password reset emails or verification emails. Such links often involve multiple redirects and you can't really know where they'll take you. To test such links, you can open them in an URL sandbox and see the final website that will load after all the redirects.
  • Opening malicious links. If you already know that a link is malicious, then you can safely open it in a sandboxed browser and see what happens with the system. It's possible such links contain exploits that take over the entire system but you are completely safe as it happens in Browserling's virtual machine.
  • Decoding short links. It's dangerous to click unknown bit.ly or t.co links as they are shortened and you don't know where they point to. You can use Browserling as a redirect detective and instantly see what the link resolves to. As soon as the short URL finishes redirecting, you can also interactively browse the final page.
  • Running executables. When you come across an executable file (like .exe for Windows) from an unknown or untrusted source, it could be risky to run it on your own computer. These files may contain harmful software, such as viruses or spyware, which can damage your system or compromise your personal data. Using a sandboxed browser, you can safely execute these files in a controlled, isolated environment. This allows you to observe the behavior of the executable without any risk to your own system.
  • Viewing PDF and Word documents. It's also dangerous to open unknown PDF and Word documents as they might contain macros that run on-open or zero-day exploits. We installed a PDF viewer and OpenOffice and you can test the documents without fear. If the documents contain something bad, your computer won't be affected as everything happens inside a Browserling virtual machine. Besides PDF and Word documents, you can also open Excel spreadsheets, PowerPoint presentations, DJVU documents, and ePub and Mobi book formats.
  • Testing browser exploits. Hackers often use websites to attack outdated browsers or plugins. If you suspect a webpage might contain an exploit, you can load it in a sandbox and see if it tries to run malicious code. This way, you don't risk your own system getting compromised.
  • Exploring dark web links. If you ever come across a Tor or Onion link but don't want to expose your real device to the dark web, a sandboxed Tor browser lets you check it out safely. You can browse the site without revealing your IP address.
  • Checking untrusted downloads. If you find a software download but aren't sure if it's safe, you can use our sandbox to download and inspect the file first. This helps avoid downloading trojans or ransomware directly onto your device. We have also installed hex editors, disassemblers, and other reverse engineering tools to make your investigations easier.
  • Investigating cryptocurrency scam sites. Crypto scams are now everywhere. There are fake exchanges, suspicious investment platforms, and scam wallet apps. If you want to check if a crypto-related website is legit, you can open it in a sandbox first. This lets you see how it works, spot phishing tricks, and find possible risks without using your real account or device.

Try Browserling's URL Sandbox Now!

To try our URL sandbox, enter an address of any website below, and we'll open it in Chrome that runs on our servers in our infrastructure:

The demo version lets you use Chrome 125 on a Windows 10 system. To access other browsers and systems, you'll need to get a paid plan.

Who's using Browserling's browser sandbox?

Browserling's browser sandbox has now become the tool of choice for security professionals and it's used by hundreds of thousands of users around the world. Our customers include governments, states, cities, banks, stock exchanges, universities, newspapers, Fortune 100 companies, and private multi-billion dollar companies.

Browser Sandbox FAQ

What browsers and operating systems can you sandbox?

At the moment, you can run a sandboxed Chrome, Opera, Firefox, Internet Explorer, Edge, Safari, and Tor browser. We have installed all Chrome versions, all Opera versions, all Firefox versions, Internet Explorer 6, 7, 8, 9, 10, and 11, a dozen of latest Edge versions, and multiple latest Tor browser versions. You can also access the following Windows versions – Windows XP, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11, and almost all Android versions – starting from Android 4.4 all the way up to the latest Android 15.

Do you offer mobile sandboxing?

At the moment, you can access sandboxed Android browsers. We also plan to add sandboxed iOS/iPhone browsers soon.

Will my IP address be visible when using the browser sandbox?

No, websites will see the IP address of servers that run the browsers, not your real IP. This adds an extra layer of privacy, especially when investigating unknown and dangerous websites.

What happens when I close the sandboxed browser?

When you close the sandboxed browser, your session is instantly deleted, including all downloads, history, and cookies. To continue testing, simply launch a new sandboxed session and start fresh.

Can I use developer tools in the sandboxed browser?

Yes, all browsers in our sandbox come with built-in developer tools enabled. You can press F12 to open them. With developer tools, you can inspect elements, debug JavaScript, and analyze network requests just like you would on a local browser.

Can a browser sandbox protect against zero-day exploits?

Yes, a browser sandbox isolates your browsing activities from your computer, keeping potential threats contained. If an exploit runs, it remains confined to the sandbox and cannot affect your files, operating system, or local network.

Can you help us with a browser sandboxing problem?

We'd love to help! Please send us an email at hello@browserling.com and briefly describe the problem you're having. We have been solving browser problems for over 10 years and we have seen it all.

Do you have an URL sandbox API?

Yes, please see Live API. It lets you embed a sandboxed browser in any website. Coming soon, we're also launching a Headless API that will let you automate browser interactions and get back reports.

Any other questions?

Please contact us at hello@browserling.com or use our contact form.