Applies to CrossBrowserTesting SaaS, last modified on September 13, 2021

Learn when to use SmartBear SecureTunnel.

In This Section

What is SmartBear SecureTunnel?

The SmartBear SecureTunnel can bring the power of CrossBrowserTesting’s cloud testing platform right to your application, whether your website:

  • is on a private network.

  • is behind a firewall.

  • is a folder of static HTML files.

  • is a locally running web-server.

  • requires a proxy server.

When you create a Local Connection with your CrossBrowserTesting account via a SmartBear SecureTunnel, you get access to every part of CrossBrowserTesting, including Screenshots, Live Tests, and Automated Tests against websites that would otherwise be unavailable on the public web.

Connection types

SmartBear SecureTunnel has three connection types, enabling various testing scenarios:

Internal websites

  • Allows you test websites within your internal network. For example, a development website only available to the private network or to users connected to the company VPN.

  • Allows you to test a locally running web server on your machine. For example, you are running a node application web server.

This the default and most commonly used connection type. It routes web traffic from the our remote browser under test to your client machine, allowing you to test websites behind a firewall, or running on your local machine.

Local HTML files

This mode allows specified local files on the client machine to be hosted and tested with the CrossBrowserTesting web app. A simple static HTTP server is spun up on the client machine on the first free port between 8080 and 8089 (or a port specified by the user) and provides the remote machine with read-only access. The HTTP server is terminated at the same time as the local tunnel.

External proxy server

Proxy server mode allows web traffic from the remote browser under test (which is routed through the tunnel to the client machine) to be further routed through a specified proxy server. This is useful for corporate environments that require proxies for HTTP/HTTPS traffic.

How to create a local connection using SmartBear SecureTunnel

There are two ways to use SmartBear SecureTunnel:

Technical overview and security

For the sake of clarity, let's define some terms:

Client refers to the user's computer accessing CrossBrowserTesting.

Remote refers to the device or virtual machine served by CrossBrowserTesting for testing your site.

Tunnel refers to the secure connection between the Client and the Remote.

Tunnel server refers to a lightweight proxy server (hosted by CrossBrowserTesting) which will redirect traffic from the remote machine to the client machine.

When a Local Connection is enabled, web traffic is routed from the remote machine, to the tunnel server, through the tunnel, and resolved on the client machine.

Local tunnel diagram

Click the image to enlarge it.


Enabling a Local Connection triggers the following flow:

  1. The SmartBear SecureTunnel (app, or cli-tool) sends an SSL encrypted POST request to CrossBrowserTesting, asking to start a Local Connection tunnel server.

  2. CrossBrowserTesting creates a tunnel server that will redirect traffic from the remote machine to the client machine. This tunnel server is hosted by CrossBrowserTesting.

  3. CrossBrowserTesting responds to the POST request with information needed to connect with the tunnel server.

  4. The app connects to the tunnel server over port 443 using an industry-leading SSL encrypted WebSocket connection.

    Note: The module offers an HTTP_PROXY/HTTPS_PROXY option if port 443 is available only via a corporate proxy.
  5. The connection is complete. A secure, reliable, two-way tunnel has been established between CrossBrowserTesting and the client machine. Since no test is running yet, there is no data flowing through the tunnel.

If the SmartBear SecureTunnel is in Local HTML File mode it will start a simple HTTP web server in the specified directory. Files in that directory can be accessed in a test by using the special hostname local, e.g.
This is described in greater detail below.

Traffic flow

After establishing a tunnel, a user can start a test to trigger the next part of the connection flow:

  1. The VM or mobile device requested by the user is configured to use the tunnel server as a proxy.

  2. The tunnel server redirects all web traffic from the remote machine through the tunnel.

    Note: All DNS resolution occurs on the client machine. The client machine's hosts file is respected.
  3. The SmartBear SecureTunnel receives the forwarded traffic and forwards it to its original destination.

    • If the tunnel is in Proxy mode, traffic will not be resolved. Instead, it will be forwarded to the specified proxy.

  4. Any response traffic is then sent back through the tunnel, to the tunnel server, and rendered in the Remote browser.

This two-way tunnel continues to route traffic for the duration of the test.


The user can stop the tunnel connection either through the CrossBrowserTesting website, the command-line tool, or the Node package. This is the disconnection flow:

  1. The user requests stopping the tunnel.

    Note: If the user neglects to request stopping the tunnel, the tunnel is killed after an hour of inactivity and the extension/module exits.
  2. The SmartBear SecureTunnel service sends an SSL encrypted DELETE request to the the CrossBrowserTesting back-end to release the tunnel server.

  3. CrossBrowserTesting kills the tunnel server, closing the tunnel connection.

  4. The SmartBear SecureTunnel service detects that the tunnel connection was closed and exits, leaving no trace on the client machine.

Download the SmartBear Secure Tunnel CLI binary

The SmartBear SecureTunnel command-line tool can be downloaded for the following operating systems:

See Also

Starting SecureTunnel
Running SecureTunnel on the Command Line
Installing SecureTunnel

Highlight search results