Feels like this tool should have been created by Okta in the first place, instead of asking their customers to submit them HAR files and then directly exposing the secrets in these files to the attackers.
It's kind of irresponsible to publish this, given the way it's developed and deployed. It's not even a very good implementation of what it's supposed to do. (Using regular expression search-and-replace as a substitute for parsing? <http://langsec.org/>)

This tool is not good.
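The contrast drawn in the comment above, between regex search-and-replace and parsing, shown on a HAR file as an added example; it is not code from the thread or from the tool under discussion. The header and key lists, the `[redacted]` marker, the sample HAR and the regex strawman are all constructed for illustration.

```python
import json
import re

SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie"}
SENSITIVE_KEYS = {"access_token", "id_token", "refresh_token", "password"}
REDACTED = "[redacted]"

def redact_json(node):
    """Walk decoded JSON and blank the values of sensitive keys."""
    if isinstance(node, dict):
        return {k: REDACTED if k.lower() in SENSITIVE_KEYS else redact_json(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [redact_json(v) for v in node]
    return node

def redact_body(holder):
    """Bodies are JSON documents nested as strings; unparseable ones are dropped."""
    if holder.get("text"):
        try:
            holder["text"] = json.dumps(redact_json(json.loads(holder["text"])))
        except ValueError:
            holder["text"] = REDACTED  # fail closed on anything we cannot parse

def sanitize_har(har_text):
    """Structural redaction: headers, cookies and JSON bodies of every entry."""
    har = json.loads(har_text)
    for entry in har["log"]["entries"]:
        for msg in (entry["request"], entry["response"]):
            for header in msg.get("headers", []):
                if header["name"].lower() in SENSITIVE_HEADERS:
                    header["value"] = REDACTED
            for cookie in msg.get("cookies", []):
                cookie["value"] = REDACTED
        redact_body(entry["request"].get("postData", {}))
        redact_body(entry["response"].get("content", {}))
    return json.dumps(har)

def naive_regex_sanitize(har_text):
    """Constructed strawman: pattern replacement over the raw file text."""
    return re.sub(r'"access_token"\s*:\s*"[^"]*"', '"access_token":"[redacted]"', har_text)

# Constructed sample HAR (not real traffic); the response body is JSON inside a JSON string.
SAMPLE = json.dumps({"log": {"entries": [{
    "request": {"url": "https://idp.example/token",
                "headers": [{"name": "Authorization", "value": "Bearer CONSTRUCTED-BEARER"}],
                "cookies": [{"name": "sid", "value": "CONSTRUCTED-SID"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=CONSTRUCTED-SID"}],
                 "cookies": [],
                 "content": {"text": json.dumps({"access_token": "CONSTRUCTED-TOKEN"})}},
}]}})
```

The regex leaves the token in place because the body's quotes are escaped inside the outer JSON string, so the pattern never matches. Secrets carried in URL query strings are outside what this sketch covers.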