HARmor: Open-source tool for sanitizing and securing HAR files


HARmor is an open-source tool that sanitizes HTTP Archive files. Easy to install and run, it enables the safe handling and sharing of HAR files.

What are HAR files?

HAR files are critical for support teams working to debug and troubleshoot customer issues, but they can open vulnerabilities in system security that threat actors actively seek to exploit.

The potential grave consequences for business reputation and customer trust are of great concern to technical support organizations and customers who depend on them.

“While the sending of HAR files is almost a standard in the support industry, the idea that they can become another tool in the hands of an attacker was not an idea previously considered by CISOs. There is a great lesson learned here that we need to keep in mind: ANY data that we collect from customers, even if it’s for support purposes, can be a tool in the hands of attackers. This requires every security team in every organization to run a deep analysis of any communication channel between the company and its customers,” Amir Jaron, VP of R&D at Frontegg, told Help Net Security.

Key HARmor functions

HARmor allows users to clean and sanitize data from their HAR files selectively. They can also interact in real-time with the data they are cleaning. This level of user control is a first in HAR file management. Key HARmor functions:

  • Sanitization: HARmor can detect and scrub sensitive information, from cookies and passwords to authorization headers, query parameters, and JSON body keys. HARmor also sanitizes based on URLs and removes JWT signatures.
  • Cleaning: HARmor removes unnecessary data bloat, reducing the risk of accidental data exposure.
  • Encryption: HARmor ensures that the sanitized HAR files are encrypted, thereby adding a layer of security in the event of unintended dissemination.
  • No global installation needed: Use HARmor directly with npx, anywhere you need it.

HARmor usage modes

HARmor can be used in either Direct Sanitization or Template mode:

  • Direct Sanitization mode guides users along an interactive journey through a structured questionnaire to ensure each data point is reviewed and sanitized as necessary.
  • In Template mode, users can create and share customized templates to enhance workflow. This also lets companies define their standards of cleaning HAR files for consistent security — valuable to those with unique cookies, headers, or sensitive data patterns specific to their business.

HARmor is available for download on GitHub.



Source link