Summary (read this first)
Do not send HAR files to SWOOP unless you understand the instruction here. Our support team can help walk you through this if required.
Only 'redacted' HAR files should be transmitted.
About Network Tracing
All the major browsers have the capability to generate a network trace by saving a 'HAR' file using the browser debugger. While this file can be very useful for diagnosing issues with SWOOP (in particular with Yammer and on-premise configurations) it can't be transmitted as it contains credentials that can be used to access user sessions.
Google provides a tool 'HAR Analyzer' that can be used to remove credentials from the HAR file without transmitting it away from your browser (* see 'Tool Security Risk Analysis' below).
Using Google HAR Analyser to generate Redacted HAR File
The HAR Analyser is available from below and includes the instructions required to generate the HAR file and load it into the tool:
After loading the HAR file you will see a page like this:
You can download the redacted by clicking on:
You should confirm that the HAR file does not contain tokens or cookies by checking it in an editor. The keywords that should be checked are 'Bearer' and 'Cookie' (they should show 'Redacted' in place of the value.
Tool Security Risk Analysis
The risk associated with this tool is that it could transmit the contents of the HAR file to the site operator (Google). We determined by the method below that this does not happen.
The risk analysis regarding this tool is based on the following outcomes:
- The security certificate has been issued to Google which we consider to be a reputable supplier:
- Open the debugger and go to: https://toolbox.googleapps.com/apps/har_analyzer/ . Clear the 'Network' activity and load a 'sample HAR file'. You should observe that there is no network transaction that could have sent the file.
We did this by saving the network requests as a HAR file and checking that the HAR file did not contain the contents of the 'sample HAR file'.
- We determined by examining the redacted HAR file that Yammer tokens and cookies were removed.
Please sign in to leave a comment.