Cloudflare has released an open-source project called HAR File Sanitizer, which lets users scrub sensitive data from the HAR request logs exported from their browsers before sharing them with anyone. The release follows the compromise of Okta's support system, where HAR files uploaded by customers were stolen and the session tokens inside them were reused, leading to numerous organizations being compromised.
HAR, or HTTP Archive, is a JSON log of the requests a browser made and the responses it received. It is usually exported from a browser's Developer Tools and is popular for debugging because it records every URL the browser called together with the full request and response headers and bodies. That completeness is the problem: the headers and bodies routinely carry session cookies and bearer tokens, and sometimes even usernames and passwords submitted in forms. A support team typically needs only a small part of this, such as error messages or evidence of a DNS failure, yet the file as exported contains everything.
If an attacker obtains a HAR file whose tokens have not yet expired, they can replay those tokens and impersonate the victim. Multi-factor authentication does not help here: it protects the login step, but these tokens were issued after a successful login and are accepted by the server on their own.
Cloudflare's HAR File Sanitizer removes all session cookies and, for JWTs found anywhere in the file, strips the signature segment. A JWT without its signature fails verification and so cannot be replayed, but its header and claims remain readable, which is usually what the person debugging actually needs. Cloudflare plans to add support for the token formats of other authentication systems, so that everything tied to the session owner's identity is removed and only the information needed for debugging remains.
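To make the mechanics concrete, here is a small sanitizer written for this page as an added example; it is not Cloudflare's code and does not reproduce its rules exactly. It walks a constructed HAR 1.2 excerpt, redacts Cookie, Set-Cookie and Authorization headers, empties the parsed cookie lists, and rewrites every JWT it finds in URLs, headers and bodies to header.payload with the signature dropped. The HS256 signing key and the sample token are assumptions made purely to build the input; a verifier then shows that the stripped token no longer validates while its claims still decode.

```python
import base64
import copy
import hashlib
import hmac
import json
import re

# Hypothetical key used only to mint the constructed sample token (not a real secret).
DEMO_KEY = b"demo-signing-key"

# Header names whose values carry session material; redacted outright.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization"}

# A JWT is three base64url segments joined by dots; a JSON header always encodes to "eyJ...".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def make_hs256_jwt(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT; used here only to construct realistic sample input."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_hs256(token: str, key: bytes) -> bool:
    """True only if the third segment is a valid HS256 MAC over header.payload."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        return False  # missing or empty signature: a stripped token lands here
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    try:
        return hmac.compare_digest(expected, b64url_decode(parts[2]))
    except ValueError:
        return False


def jwt_claims(token: str) -> dict:
    """Decode the payload without verifying; works on signature-stripped tokens too."""
    return json.loads(b64url_decode(token.split(".")[1]))


def strip_jwt_signatures(text: str) -> str:
    """Keep header.payload (still readable) and drop the signature so the token cannot be replayed."""
    return JWT_RE.sub(lambda m: m.group(0).rsplit(".", 1)[0] + ".", text)


def _scrub_headers(headers: list) -> None:
    for h in headers:
        if h.get("name", "").lower() in SENSITIVE_HEADERS:
            h["value"] = "[REDACTED]"
        else:
            h["value"] = strip_jwt_signatures(str(h.get("value", "")))


def sanitize_har(har: dict) -> dict:
    """Return a sanitized deep copy: cookies and auth headers removed, JWTs elsewhere left unsigned."""
    out = copy.deepcopy(har)
    for entry in out.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            _scrub_headers(msg.get("headers", []))
            msg["cookies"] = []  # HAR stores parsed cookies separately from the raw header
        req["url"] = strip_jwt_signatures(req.get("url", ""))
        if "text" in req.get("postData", {}):
            req["postData"]["text"] = strip_jwt_signatures(req["postData"]["text"])
        if "text" in resp.get("content", {}):
            resp["content"]["text"] = strip_jwt_signatures(resp["content"]["text"])
    return out


def build_sample_har() -> dict:
    """Constructed HAR excerpt resembling a devtools export; not a real capture."""
    token = make_hs256_jwt({"sub": "alice@example.com", "sid": "abc123", "exp": 1900000000}, DEMO_KEY)
    cookie = "session=s3cr3t-session-id"
    return {"log": {"version": "1.2", "entries": [{
        "request": {
            "method": "GET", "url": "https://app.example.com/api/me",
            "headers": [{"name": "Authorization", "value": f"Bearer {token}"},
                        {"name": "Cookie", "value": cookie},
                        {"name": "Accept", "value": "application/json"}],
            "cookies": [{"name": "session", "value": "s3cr3t-session-id"}]},
        "response": {
            "status": 200,
            "headers": [{"name": "Set-Cookie", "value": cookie + "; HttpOnly"}],
            "cookies": [{"name": "session", "value": "s3cr3t-session-id"}],
            "content": {"mimeType": "application/json",
                        "text": json.dumps({"id_token": token, "error": "none"})}}}]}}


def demo() -> dict:
    """Sanitize the sample and report what an attacker could still do with the result."""
    entry = sanitize_har(build_sample_har())["log"]["entries"][0]
    body = json.loads(entry["response"]["content"]["text"])
    return {
        "auth_header": next(h["value"] for h in entry["request"]["headers"] if h["name"] == "Authorization"),
        "request_cookies": entry["request"]["cookies"],
        "stripped_token_verifies": verify_hs256(body["id_token"], DEMO_KEY),
        "claims_still_readable": jwt_claims(body["id_token"])["sub"],
        "error_kept": body["error"],
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The regex only matches tokens that still have a third segment, so running the sanitizer twice is harmless, and the debugging-relevant fields (status, the `error` value, the remaining headers) survive untouched. A real sanitizer also has to consider query-string parameters, multipart bodies and opaque (non-JWT) bearer tokens that carry no signature to strip; those need outright redaction, which is the gap the page says Cloudflare intends to close for other authentication systems.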
TLDR: Cloudflare has released HAR File Sanitizer, an open-source tool for scrubbing sensitive data from HAR request logs before sharing them. It follows the compromise of Okta's support system, where stolen HAR files led to numerous organizations being compromised. HAR files carry session tokens and cookies that let an attacker impersonate the user even when MFA is in place. The sanitizer removes all session cookies and strips the signatures from JWTs so they can no longer be replayed, while their claims stay readable for debugging.