Running SecureTunnel on the Command Line

Applies to CrossBrowserTesting SaaS, last modified on February 16, 2021

The command-line tool, or CLI binary, for SmartBear SecureTunnel enables users to start a local connection on the command line or programmatically from the shell.

Other resources you may want to review before using the CLI.

This command line version uses WSS (secure WebSockets over HTTPS, port 443) to create the local connection.


All requests to start a tunnel require username and authkey via the command line options.

./SBSecureTunnel --username USERNAME --authkey AUTHKEY

Note: Credential flags may also be set as environment variables beginning with SMARTBEAR. For example, instead of typing -username, you may instead set the environment variable SMARTBEAR_USERNAME to the desired username.

Connection types

Internal websites

This is the most basic type of tunnel for a local connection. It creates an encrypted tunnel that allows traffic and requests to be routed through the local network of your computer. This allows you to test sites that are only accessible through your local network or behind your firewall.


Local HTML files

This type of tunnel allows you to test static HTML files saved on your computer without being required to setup a web server.

./SBSecureTunnel --dir "/Path/To/Local/Directory"

Proxy server

This connection type allows you to specify a proxy server to route your traffic through during tests.


./SBSecureTunnel --proxyIp PROXYIP --proxyPort PROXYPORT

With credentials:

./SBSecureTunnel --proxyIp PROXYIP --proxyPort PROXYPORT --proxyUser username --proxyPass password

Via proxy auto-config file:

./SBSecureTunnel --pac /PATH/TO/FILE

Via proxy auto-config URL:

./SBSecureTunnel --pac

In lieu of specifying a single proxy server, you may provide a proxy auto-config (PAC) file. Each request made through your local machine will follow the routing directives listed in the PAC. If the HTTP_PROXY or HTTPS_PROXY options listed below are employed, they will take precedence in routing the connection from your local machine to It does not make sense to use the above Proxy Server option alongside the PAC file option, but in the case that you do, the Proxy Server option will take precedence. You may specify a path to a file or a URL.

Additional options

Named tunnels

There are some cases where multiple tunnels might be necessary, such as when working with multiple development environments. In this case, we provide the option to name tunnels so that they may be specifically selected for use in various tests: in the Advanced Options in the UI, or by specifying the property "tunnel_name" in the JSON sent to the API.

./SBSecureTunnel --tunnelname TUNNELNAME

HTTP proxy

Some corporations use an HTTP proxy for all outbound web traffic. The Smartbear tunnel communicates via wss over port 443 to SmartBear servers to initiate a local connection. If you have an HTTP proxy that it must route through, use this option to do so. It works by temporarily setting the HTTP_PROXY environment variable, so may be redundant in cases wherein it is already set.

Basic usage:

./SBSecureTunnel --httpProxy HTTPPROXY

Usage with basic authentication:


HTTPS proxy

Has the same functionality as HTTP_PROXY but sets the HTTPS_PROXY environment variable instead.

Basic usage:

./SBSecureTunnel --httpsProxy HTTPSPROXY

Usage with basic authentication:


Bypass public hosts

Specify whether public-resolvable URLs should resolve bypass the tunnel (default/true behavior) or route through the tunnel (false behavior).

Basic usage:

./SBSecureTunnel --bypass false

Accept all certificates

Set up the tunnel to work with sites with invalid (self-signed, expired) certificates.
Useful for testing sites that present with certificate errors in a browser.

Basic usage:

./SBSecureTunnel --acceptAllCerts

Reject unauthorized SSL certificates

Enable or disable SSL certificate checking in Node itself. Useful if a self-signed certificate is in the chain (i.e., on a proxy), but only works in narrow cases.

Basic usage:

./SBSecureTunnel --rejectUnauthorized false

Kill file

The kill file option allows you specify the name of a 'kill file' that if placed in the current directory will cause the program to gracefully shutdown.

Basic usage:

./SBSecureTunnel --kill KILLFILENAME

Ready file

When the tunnel is up-and-running, an empty file will be placed in the path specified by the user.

Basic usage:

./SBSecureTunnel --ready READYFILENAME

Verbose mode

Specifying this flag enables verbose mode; you will see most of the traffic handling.

Basic usage:

./SBSecureTunnel --verbose

Quiet mode

Specifying this flag disables most output.

Basic usage:

./SBSecureTunnel --quiet

See Also

Installing SecureTunnel
Starting SecureTunnel

Highlight search results