Frontegg’s free OSS project sanitizes HAR files (browser session interaction logs) to safeguard users and organizations from HAR file vulnerability exploits
Frontegg, the premier customer identity and access management platform for modern SaaS apps, is releasing HARmor, an open source tool to sanitize HTTP-Archive files. Available now to all developers on GitHub, HARmor enables safe handling and sharing of HAR files. Easy to install and run, HARmor can–in a few seconds–prevent major security breaches for organizations.
“Open-source HARmor is Frontegg’s contribution to overall security posture and customer safety for the entire software industry,” said Aviad Mizrachi, CTO, Frontegg. “Tokens in HAR files have been used to attack a major software vendor’s customers. We see customer support organizations at particular risk. Tokens are potent weapons, if leaked or accessed through social engineering, for example. We decided to provide a robust, universally applicable solution immediately to prevent widespread damage to customers and their trust in their software providers.”
Also Read: Salt Security Named 2023 CISO Choice Award Winner for API Security
HARmor allows users to clean and sanitize data from their HAR files selectively. They can also interact in real time with the data they are cleaning. This level of user control is a first in HAR file management. Key HARmor functions:
- Sanitization: HARmor can detect and scrub sensitive information, from cookies and passwords to authorization headers and query parameters, as well as JSON body keys. HARmor also sanitizes based on URLs, and removes JWT signatures.
- Cleaning: HARmor removes unnecessary data bloat, reducing the risk of accidental data exposure.
- Encryption: HARmor ensures that the sanitized HAR files are encrypted, thereby adding a layer of security in the event of unintended dissemination.
- No Global Installation Needed: Use HARmor directly with npx, anywhere you need it.
HARmor can be used in either Direct Sanitization or Template mode. Direct mode guides users along an interactive journey through a structured questionnaire, to ensure each data point is reviewed and sanitized as necessary. In Template mode, users can create and share customized templates to enhance workflow. This also lets companies define their own standards of cleaning HAR files for consistent security — especially valuable to those with unique cookies, headers, or sensitive data patterns specific to their business.
HAR files are actively targeted in breaches
Recently, a global software vendor announced that for 19 days (beginning on September 28th), a threat actor gained unauthorized access to files inside the vendor’s customer support system. These included HAR files that contained session tokens, which the attacker used to hijack legitimate user sessions of several customers.
HAR files are critical for support teams working to debug and troubleshoot customer issues, but they can open vulnerabilities in system security which threat actors actively seek to exploit. The potential grave consequences for business reputation and customer trust are of great concern to technical support organizations and customers who depend on them.
“It’s our role and responsibility to protect the software industry and all its customers when we have the expertise to do so,” said Amir Jaron, VP R&D, Frontegg. “From first learning of the exploits against a major software provider, which leveraged HAR tokens and impacted numerous of their customers, it was just a few days to Frontegg’s release of HARmor, as a result of intensive effort to provide an immediate solution for millions who use technical support sessions.”
SOURCE: GlobeNewswire
