Introducing HAR Sanitizer: secure HAR sharing

On October 18th, 2023, Cloudflare's Security Incident Response Team (SIRT) discovered a security attack that originated from an authentication token stolen from Okta's support systems. However, no customer information or systems were affected due to the real-time detection by SIRT and Cloudflare's Zero Trust security posture. The attacker compromised user sessions by capturing session tokens from administrators at various organizations, including Cloudflare. The bad actor infiltrated Okta's customer support system and stole HTTP Response Archive (HAR) files, which contain a record of a user's browser session. HAR files can be used to diagnose issues but also contain sensitive information that can be exploited for attacks. As a result, Cloudflare introduced a HAR sanitizer tool that removes all session-related cookies and tokens from the file, ensuring its safe sharing while still providing useful information for troubleshooting. The company plans to launch additional security controls in their Cloudflare Zero Trust suite to further mitigate attacks stemming from stolen session tokens.