Skip to main content

Access anything.Expose nothing.

Legba is a disposable browser engine. A real browser, spawned fresh, destroyed on close. No cookies in, no fingerprint left, no trail back. Reach it as an extension, a sandbox, an MCP server, or an API.

NVIDIA InceptionMuckerLabGoogle for StartupsFounder University
WHO IT'S FOR

One engine. Three jobs.

Three buyers, one engine. Each gets its own surface.

ACCESS

Access that holds up on hostile sites.

For fintechs on hardened sites. Banks, brokerages, benefits portals. The sites your users hold accounts on fight automation. Headless tools fail where Legba holds.

site-tuned · sub-15s MFA · persistent state

The extension
OPERATE

A browser that does not expose your agents.

For AI companies shipping agents. Your agent logs in, clicks, and transacts without leaking credentials or getting blocked.

burn per task · no reach · MCP-native

The API
TEST

Find your exposure before attackers do.

For security teams mapping exposure. Adversary validates the real exposures: exposed API keys, subdomain takeover, leaked secrets.

validated, not noise · minutes · evidence

Adversary
THE ENGINE

Every surface inherits the same guarantees.

Isolation, routing, session spawning, and clean exit. No cookies carried in, no fingerprint left behind, no trail back to the operator.

REAL_BROWSERREAL_IPFRESH_FINGERPRINTBURN_ON_CLOSE
The engine spec

[ how it works ]

Three calls. One throwaway browser.

Reach Legba through the MCP server, the API, or the SDK. The lifecycle is the same every time. Spawn a scoped session, do the work, destroy it. Nothing persists unless you say so.

Spawn a session.

Pick a geography, scope what the session can reach, set the TTL. The container boots in under 200ms with a real residential IP and a fresh fingerprint.

Do the work.

An agent, a human, or an MCP client takes the wheel. Captchas resolve in-session. MFA codes pull from email forwarding inside 15 seconds. The session sees only what you scoped.

Destroy it.

The TTL hits or you close it. The container is destroyed. Cookies, storage, tokens, and fingerprint, all of it gone. Nothing escapes the session because there is no session left.

sessionLIVE
session.spawn --burn-on-close
status: spawned
browser: chromium / real fingerprint
ip: residential / clean
do the work.
session destroyed. no trace.

[ ONE ENGINE. FOUR SURFACES. ]

One engine. Four surfaces.

Legba is one engine with many surfaces. The engine is isolation, routing, session spawning, and clean exit. The surfaces are how different people reach it: an extension, an API, an MCP server, an agent. Every session is fresh, isolated, and deniable. No cookies carried in, no fingerprint left behind, no trail back to the operator.

Same isolation. Same access. Different doors.

HUMANS

The extension

A browser tab that runs off your machine. Nothing executes locally. Close it and the session is gone.

See the extensionAGENTS

OpenClaw

A hosted browser an agent operates inside. It burns on close by default. Real residential IPs and captcha solving baked in.

Meet OpenClawBUILDERS

The MCP server

One config line and any MCP-aware agent gets a real browser. Disposable by default, scoped by you. Claude, GPT, your own.

Get the configBUILDERS

The API

A REST API and SDKs over the same disposable browser engine. Spawn sessions in any geography. Persist when you need to, destroy when you do not.

Read the docs
import { Sandbox } from "@legba/sandbox"

const sandbox = await Sandbox.create({
  geo: "phoenix-az",
  scope: ["legba.app"],
  ttl: "15m",
})

await sandbox.agent.run(
  "Log in and download my latest statement."
)

await sandbox.destroy()

Point the engine at your own surface.

Adversary
Engine spec

What every surface inherits.

Real browser
Full Chromium with GPU rendering, real fonts, real canvas, real WebGL. Not a stealth plugin over headless. Detection vendors see a person.
Real residential IP
Real ISPs. Real cities. Pick the geography the target site expects. Phoenix, Frankfurt, Seoul. Not a datacenter range pretending to be a home.
Smart routing
Sessions spawn in the region you call from, or the one your target needs. Routing rotates around degradation on its own. No manual switching.
Burn on close
Each session is a container. When the TTL hits or you close it, everything inside is destroyed. No state. No logs. No reach. Nothing to leak.
Captcha solving
hCaptcha and reCAPTCHA resolve in-session. No third-party stitching, no copy-paste flows. Your agent never sees the gate.
Anti-bot evasion
We built and broke detection systems before we built Legba. Cloudflare, Incapsula, DataDome. The engine routes around the checks those systems run.

Proof

NVIDIA Inception
MuckerLab
Google for Startups
Founder University
<200ms

spawn latency from a warm pool

2.5x

reliability over datacenter

0

session residue on close

Same engine,
every tier.

Start free. Scale to production. Burn-on-close sessions, residential IPs, and the same anti-bot evasion run across every tier.

Tier 01

Free

Prototype, evaluate, and find us in the MCP registry.

$0
  • 30 hours per month
  • 1 concurrent session
  • Datacenter IPs only
  • Basic fingerprint masking
  • Community support
Tier 02Most popular

Pro

For solo builders and small teams shipping agents to production.

$499/mo
  • 200 hours per month
  • 10 concurrent sessions
  • Residential IPs in 5 geos
  • MCP and API access
  • Captcha solving included
Tier 03

Production

For agent companies and fintechs running at scale.

$5,000/mo
  • 100 concurrent sessions
  • Unlimited residential IPs, all geos
  • Full MCP, API, and SDKs
  • Site-tuning service
  • Priority support with an SLA
Tier 04

Enterprise

For multi-product platforms and regulated buyers.

Custom
  • Dedicated infrastructure
  • SOC 2 Type II in progress
  • VPC and air-gap options
  • Custom SLAs and terms
  • Named support engineer
FAQ

Things people
actually ask.

session complete. no trace left.

Access anything.
Expose nothing.

Read the docs

chromium / real fingerprint · residential ip · burn on close