Sandbox browser for safely viewing malicious websites

I'm looking for a quick and safe way to browse potentially malicious / infected websites. So far all of the products I've found are PC only. I can run a Virtual PC environment but it's a pain and I'm looking for something simpler.

I'm on Yosemite.


I recommend a VM with the OS and the browsers of your choice. Using the snapshot/clone features you may always revert to the original vanilla state.

Three of the advantages:

  • Use an arbitrary OS/browser combination (a lot of malicious websites often attack special combinations e.g. Windows XP/7/IE or OS/Flash)
  • You may detect any impact on the file system safely by comparing the mounted vanilla and infected volume (in read only mode).
  • You may run fseventer or dtrace (Mac OS X) or other tools (Win/Linux) without interference of your real OS.

Another possibility is outlined here in an article from 2010. Don't know if it still works:

OS X has a built-in sandbox feature for applications, which can restrict their access to certain parts of the system. There isn't a lot of documentation available on the sandboxing system, but I've successfully been able to sandbox Firefox. It has some limitations, but my plug-ins and add-ons work though yours may not.

If you have issues, you'll have to search for the directories where your plug-ins are housed, and give read or read/write access permissions in the firefox-sandbox file. There is only write permission to the ~/Downloads directory, so if you want to save files in a different location, you will have to change the firefox-sandbox file or move them after the download has finished. First, create the following file and save it somewhere as firefox-sandbox:

;; http://codereview.chromium.org/379019/diff/1/2
(version 1) 
(deny default)

(allow file-write* file-read-data file-read-metadata
  (regex "^/Users/user_name/Downloads")
  (regex "^/Users/user_name/Library/Application Support/Mozilla")
  (regex "^/Users/user_name/Library/Application Support/Firefox")
  (regex "^/Users/user_name/Library/Preferences")
  (regex "^/Users/user_name/Library/PreferencePanes")
  (regex "^/Users/user_name/Library/Caches/Firefox")
  (regex "^/Users/user_name/Library/Caches/TemporaryItems")
  (regex "^/Applications/Firefox.app")
  (regex "^(/private)?/tmp/"))

(allow file-read-data file-read-metadata
  (regex "^/dev/autofs.*")
  (regex "^/Library/Preferences")
  (regex "^/Library/Internet Plug-Ins")
  (regex "^/Library/PreferencePanes")
  (regex "^/usr/share/icu")
  (regex "^/usr/share/locale")
  (regex "^/System/Library")
  (regex "^/Applications/Firefox.app")
  (regex "^/usr/lib")
  (regex "^/var")
  (regex #"Frameworks/SDL.framework")
; Our Module Directory Services cache
  (regex "^/private/var/tmp/mds/")
  (regex "^/private/var/tmp/mds/[0-9]+(/|$)")
  (regex "^/Users/user_name"))

(allow mach* sysctl-read)

(import "/usr/share/sandbox/bsd.sb")
(deny file-write-data
   (regex #"^(/private)?/etc/localtime$"
     #"^/usr/share/nls/"
     #"^/usr/share/zoneinfo/"))

(allow process-exec 
  (regex "^/Applications/Firefox.app"))

(allow network*)

Replace the /Applications/Firefox.app.... parts with the path to Firefox on your system. Also replace user_name with your username. Next, open up a Terminal and execute this command:

sandbox-exec -f firefox-sandbox /Applications/Firefox.app/Contents/MacOS/firefox-bin

Make sure the firefox-sandbox file is in the directory where you run the above command, and Firefox should launch in a protected sandbox.