Tunneling BrowserBox Pro Over SSH: A Complete Guide to Using Port Forwarding to Run RBI on a Router

Secure Shell (SSH) isn’t just about secure remote server management and file transfers; its versatility extends to the secure tunneling of applications. This tutorial will walk you through tunneling BrowserBox Pro (BBPro), a cutting-edge remote browser isolation (RBI) solution, over SSH using port forwarding.

Features of BrowserBox Pro

BrowserBox Pro offers an array of advanced features that set it apart from other versions of remote browser isolation. With fully open source-code, non-commercial use for free, frequent updates and cutting-edge technology, BrowserBox Pro provides an enhanced browsing experience with superior rendering, top-tier graphics, and minimal lag. Its exclusive advanced features, Docker compatibility, cloud and platform independence, and advanced security mechanisms make it the ideal choice for businesses and organizations looking to enhance their cybersecurity, privacy, and browsing capabilities. Non-commercial uses can use it for free! Commercial users can purchases licenses here and volume discounts here.

Step 1: Install mkcert and Generate Certificates

Begin by installing mkcert, a zero-config tool that generates locally-trusted SSL certificates. Installation instructions are provided on the official GitHub page.

After installation, you first need to install the local Certificate Authority with:

mkcert -install

Then you can generate your SSL certificate and private key files for your localhost:

mkcert localhost

You will now have two files: localhost.pem, your local certificate, and localhost-key.pem, your private key.

Step 2: Open TCP Port Block

For BrowserBox Pro to operate smoothly, you need to open a TCP port block around your main port (for this example, we’ll use port 8080). Open TCP ports 8078 through 8082 to accommodate the main browser service, audio service, and devtools service. These services run on distinct ports within the port block.

Step 3: Set Up SSH Port Forwarding

With your certificates generated and your ports open, you’re ready to initiate SSH port forwarding. Ensure you have SSH access to your remote machine, then run:

ssh -L 8078:remote_host:8078 -L 8079:remote_host:8079 -L 8080:remote_host:8080 -L 8081:remote_host:8081 -L 8082:remote_host:8082 user@remote_host

Replace user@remote_host with your remote machine’s SSH login details.

Step 4: Run BBPro on the Remote Machine

Having established the SSH connection, you’ll be in your remote machine’s shell. There, initiate the setup for BBPro by specifying the central port:

setup_bbpro --port 8080

Subsequently, start BBPro:


Step 5: Transfer Certificates to the Remote Machine

With BBPro running, transfer your locally-generated certificates to the remote machine using scp:

scp localhost.pem user@remote_host:~/sslcerts/fullchain.pem
scp localhost-key.pem user@remote_host:~/sslcerts/privkey.pem

This command copies localhost.pem and localhost-key.pem to the sslcerts directory in your home (~) directory on the remote machine and ensures they’re named with a convention that BBPro understands. Yes, scp will expand the tilde (~) to refer to your $HOME directory.

Step 6: Shut down access to the remote machines BBPro ports using a firewall

You can do this step earlier, which may be more secure, but it doesn’t really matter where you do it. Once you shut access to the BBpro port block, no one outside of the SSH tunnel can access it, making it nearly totally secure!

Step 7: Connect to BBPro

Connect to the running bbpro instance by using a localhost HTTPS address! Yep you heard that right! By the power of mkcert and SSH tunnels you can use the localhost Login Link emitted at Step 4 from setup_bbpro to connect from a browser on your local machine. Whack the link (which will look something like https://localhost:8080/login?token=<sadsasadsa> into your browser’s address bar and you’re good to go!