networkProxy: auto sanitize sensitive tokens

2025-03-25 14:47:00 +01:00 · 2025-03-25 14:47:00 +01:00 · 1e57c90449
commit 1e57c90449
parent c0678bab15
11 changed files with 389 additions and 100 deletions
--- a/networkProxy/package-lock.json
+++ b/networkProxy/package-lock.json
@ -1,29 +0,0 @@
-{
-  "name": "network-proxy",
-  "version": "1.0.0",
-  "lockfileVersion": 3,
-  "requires": true,
-  "packages": {
-    "": {
-      "name": "network-proxy",
-      "version": "1.0.0",
-      "license": "ISC",
-      "devDependencies": {
-        "typescript": "^5.6.2"
-      }
-    },
-    "node_modules/typescript": {
-      "version": "5.6.2",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.2.tgz",
-      "integrity": "sha512-NW8ByodCSNCwZeghjN3o+JX5OFH0Ojg6sadjEKY4huZ52TqbJTJnDo5+Tw98lSy63NZvi4n+ez5m2u5d4PkZyw==",
-      "dev": true,
-      "bin": {
-        "tsc": "bin/tsc",
-        "tsserver": "bin/tsserver"
-      },
-      "engines": {
-        "node": ">=14.17"
-      }
-    }
-  }
-}
--- a/networkProxy/package.json
+++ b/networkProxy/package.json
@ -1,6 +1,6 @@
 {
  "name": "@openreplay/network-proxy",
-  "version": "1.0.5",
+  "version": "1.1.0",
  "description": "this library helps us to create proxy objects for fetch, XHR and beacons for proper request tracking.",
  "main": "dist/index.js",
  "module": "dist/index.js",
@ -18,8 +18,8 @@
  "license": "MIT",
  "devDependencies": {
    "@vitest/coverage-istanbul": "^2.1.1",
-    "jsdom": "^25.0.1",
-    "typescript": "^5.6.2",
+    "jsdom": "^26.0.0",
+    "typescript": "^5.8.2",
    "vitest": "^2.1.1"
  }
 }
--- a/networkProxy/src/networkMessage.ts
+++ b/networkProxy/src/networkMessage.ts
@ -4,6 +4,13 @@ import {
  httpMethod,
  RequestState,
 } from './types'
+import {
+  tryFilterUrl,
+  filterHeaders,
+  filterBody,
+  sanitizeObject,
+} from "./sanitizers";
+
 /**
 * I know we're not using most of the information from this class
 * but it can be useful in the future if we will decide to display more stuff in our ui
@ -39,14 +46,19 @@ export default class NetworkMessage {

  getMessage(): INetworkMessage | null {
    const { reqHs, resHs } = this.writeHeaders()
+    const reqBody = this.method === 'GET'
+                    ? JSON.stringify(sanitizeObject(this.getData)) : filterBody(this.requestData)
    const request = {
-      headers: reqHs,
-      body: this.method === 'GET' ? JSON.stringify(this.getData) : this.requestData,
+      headers: filterHeaders(reqHs),
+      body: reqBody,
+    }
+    const response = {
+      headers: filterHeaders(resHs),
+      body: filterBody(this.response)
    }
-    const response = { headers: resHs, body: this.response }

    const messageInfo = this.sanitize({
-      url: this.url,
+      url: tryFilterUrl(this.url),
      method: this.method,
      status: this.status,
      request,
--- a/networkProxy/src/sanitizers.ts
+++ b/networkProxy/src/sanitizers.ts
@ -0,0 +1,130 @@
+export const sensitiveParams = new Set([
+  "password",
+  "pass",
+  "pwd",
+  "mdp",
+  "token",
+  "bearer",
+  "jwt",
+  "api_key",
+  "api-key",
+  "apiKey",
+  "secret",
+  "ssn",
+  "zip",
+  "zipcode",
+  "x-api-key",
+  "www-authenticate",
+  "x-csrf-token",
+  "x-requested-with",
+  "x-forwarded-for",
+  "x-real-ip",
+  "cookie",
+  "authorization",
+  "auth",
+  "proxy-authorization",
+  "set-cookie",
+  "account_key",
+]);
+
+function numDigits(x) {
+  return (Math.log10((x ^ (x >> 31)) - (x >> 31)) | 0) + 1;
+}
+
+function obscure(value: string | number) {
+  if (typeof value === "number") {
+    const digits = numDigits(value)
+    return "9".repeat(digits)
+  }
+  return value.replace(/[^\f\n\r\t\v\u00a0\u1680\u2000-\u200a\u2028\u2029\u202f\u205f\u3000\ufeff\s]/g, '*')
+}
+
+export function filterHeaders(headers: Record<string, string> | { name: string; value: string }[]) {
+  const filteredHeaders: Record<string, string> = {};
+  if (Array.isArray(headers)) {
+    headers.forEach(({ name, value }) => {
+      if (sensitiveParams.has(name.toLowerCase())) {
+        filteredHeaders[name] = obscure(value);
+      } else {
+        filteredHeaders[name] = value;
+      }
+    });
+  } else {
+    for (const [key, value] of Object.entries(headers)) {
+      if (sensitiveParams.has(key.toLowerCase())) {
+        filteredHeaders[key] = obscure(value);
+      } else {
+        filteredHeaders[key] = value;
+      }
+    }
+  }
+  return filteredHeaders;
+}
+
+export function filterBody(body: any): string {
+  if (!body) {
+    return body;
+  }
+
+  let parsedBody;
+  let isJSON = false;
+
+  try {
+    parsedBody = JSON.parse(body);
+    isJSON = true;
+  } catch (e) {
+    // not json
+  }
+
+  if (isJSON) {
+    obscureSensitiveData(parsedBody);
+    return JSON.stringify(parsedBody);
+  } else {
+    const params = new URLSearchParams(body);
+    for (const key of params.keys()) {
+      if (sensitiveParams.has(key.toLowerCase())) {
+        const value = obscure(params.get(key))
+        params.set(key, value);
+      }
+    }
+
+    return params.toString();
+  }
+}
+
+export function sanitizeObject(obj: Record<string, any>) {
+  obscureSensitiveData(obj)
+  return obj
+}
+function obscureSensitiveData(obj: Record<string, any> | any[]) {
+  if (Array.isArray(obj)) {
+    obj.forEach(obscureSensitiveData);
+  } else if (obj && typeof obj === "object") {
+    for (const key in obj) {
+      if (Object.hasOwn(obj, key)) {
+        if (sensitiveParams.has(key.toLowerCase())) {
+          obj[key] = obscure(obj[key]);
+        } else if (obj[key] !== null && typeof obj[key] === "object") {
+          obscureSensitiveData(obj[key]);
+        }
+      }
+    }
+  }
+}
+
+export function tryFilterUrl(url: string) {
+  if (!url) return "";
+  try {
+    const urlObj = new URL(url);
+    if (urlObj.searchParams) {
+      for (const key of urlObj.searchParams.keys()) {
+        if (sensitiveParams.has(key.toLowerCase())) {
+          urlObj.searchParams.set(key, "******");
+        }
+      }
+    }
+    return urlObj.toString();
+  } catch (e) {
+    return url;
+  }
+}
--- a/networkProxy/tests/networkMessage.test.ts
+++ b/networkProxy/tests/networkMessage.test.ts
@ -13,7 +13,7 @@ describe('NetworkMessage', () => {
  describe('getMessage', () => {
    it('should properly construct and return a NetworkRequest', () => {
      // @ts-ignore
-      const networkMessage = new NetworkMessage(ignoredHeaders, setSessionTokenHeader, sanitize);
+      const networkMessage = new NetworkMessage(ignoredHeaders, setSessionTokenHeader, (data) => data);

      networkMessage.method = 'GET';
      networkMessage.url = 'https://example.com';
@ -21,25 +21,35 @@ describe('NetworkMessage', () => {
      networkMessage.requestType = 'xhr';
      networkMessage.startTime = 0;
      networkMessage.duration = 500;
-      networkMessage.getData = { key: 'value' };
-
-      // Expect sanitized message
-      sanitize.mockReturnValueOnce({
-        url: 'https://example.com',
-        method: 'GET',
-        status: 200,
-        request: {},
-        response: {},
-      });
+      networkMessage.getData = {
+        test: 'value',
+        test2: 123
+      };
+      networkMessage.response = JSON.stringify({
+        token: '123123',
+        password: 'qwerty123'
+      })

      const result = networkMessage.getMessage();

      const expected = {
        requestType: 'xhr',
        method: 'GET',
-        url: 'https://example.com',
-        request: JSON.stringify({}),
-        response: JSON.stringify({}),
+        url: 'https://example.com/',
+        request: JSON.stringify({
+          headers: {},
+          body: JSON.stringify({
+            test: 'value',
+            test2: 123
+          }),
+        }),
+        response: JSON.stringify({
+          headers: {},
+          body: JSON.stringify({
+            token: '******',
+            password: '*********',
+          }),
+        }),
        status: 200,
        startTime: result!.startTime,
        duration: 500,
@ -48,7 +58,6 @@ describe('NetworkMessage', () => {

      expect(result).toBeDefined();
      expect(result).toEqual(expected);
-      expect(sanitize).toHaveBeenCalledTimes(1);
    });
  });

--- a/networkProxy/tsconfig.json
+++ b/networkProxy/tsconfig.json
@ -2,6 +2,7 @@
  "compilerOptions": {
    "target": "ES2017",
    "module": "ES2022",
+    "lib": ["ES2022", "DOM", "DOM.Iterable"],
    "declaration": true,
    "outDir": "./dist",
    "strict": false,
--- a/networkProxy/yarn.lock
+++ b/networkProxy/yarn.lock
@ -10,6 +10,17 @@
    "@jridgewell/gen-mapping" "^0.3.5"
    "@jridgewell/trace-mapping" "^0.3.24"

+"@asamuzakjp/css-color@^3.1.1":
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/@asamuzakjp/css-color/-/css-color-3.1.1.tgz#41a612834dafd9353b89855b37baa8a03fb67bf2"
+  integrity sha512-hpRD68SV2OMcZCsrbdkccTw5FXjNDLo5OuqSHyHZfwweGsDWZwDJ2+gONyNAbazZclobMirACLw0lk8WVxIqxA==
+  dependencies:
+    "@csstools/css-calc" "^2.1.2"
+    "@csstools/css-color-parser" "^3.0.8"
+    "@csstools/css-parser-algorithms" "^3.0.4"
+    "@csstools/css-tokenizer" "^3.0.3"
+    lru-cache "^10.4.3"
+
 "@babel/code-frame@^7.24.7":
  version "7.24.7"
  resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.24.7.tgz#882fd9e09e8ee324e496bd040401c6f046ef4465"
@ -162,6 +173,34 @@
    "@babel/helper-validator-identifier" "^7.24.7"
    to-fast-properties "^2.0.0"

+"@csstools/color-helpers@^5.0.2":
+  version "5.0.2"
+  resolved "https://registry.yarnpkg.com/@csstools/color-helpers/-/color-helpers-5.0.2.tgz#82592c9a7c2b83c293d9161894e2a6471feb97b8"
+  integrity sha512-JqWH1vsgdGcw2RR6VliXXdA0/59LttzlU8UlRT/iUUsEeWfYq8I+K0yhihEUTTHLRm1EXvpsCx3083EU15ecsA==
+
+"@csstools/css-calc@^2.1.2":
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/@csstools/css-calc/-/css-calc-2.1.2.tgz#bffd55f002dab119b76d4023f95cd943e6c8c11e"
+  integrity sha512-TklMyb3uBB28b5uQdxjReG4L80NxAqgrECqLZFQbyLekwwlcDDS8r3f07DKqeo8C4926Br0gf/ZDe17Zv4wIuw==
+
+"@csstools/css-color-parser@^3.0.8":
+  version "3.0.8"
+  resolved "https://registry.yarnpkg.com/@csstools/css-color-parser/-/css-color-parser-3.0.8.tgz#5fe9322920851450bf5e065c2b0e731b9e165394"
+  integrity sha512-pdwotQjCCnRPuNi06jFuP68cykU1f3ZWExLe/8MQ1LOs8Xq+fTkYgd+2V8mWUWMrOn9iS2HftPVaMZDaXzGbhQ==
+  dependencies:
+    "@csstools/color-helpers" "^5.0.2"
+    "@csstools/css-calc" "^2.1.2"
+
+"@csstools/css-parser-algorithms@^3.0.4":
+  version "3.0.4"
+  resolved "https://registry.yarnpkg.com/@csstools/css-parser-algorithms/-/css-parser-algorithms-3.0.4.tgz#74426e93bd1c4dcab3e441f5cc7ba4fb35d94356"
+  integrity sha512-Up7rBoV77rv29d3uKHUIVubz1BTcgyUK72IvCQAbfbMv584xHcGKCKbWh7i8hPrRJ7qU4Y8IO3IY9m+iTB7P3A==
+
+"@csstools/css-tokenizer@^3.0.3":
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/@csstools/css-tokenizer/-/css-tokenizer-3.0.3.tgz#a5502c8539265fecbd873c1e395a890339f119c2"
+  integrity sha512-UJnjoFsmxfKUdNYdWgOB0mWUypuLvAfQPH1+pyvRJs6euowbFkFC6P13w1l8mJyi3vxYMxc9kld5jZEGRQs6bw==
+
 "@esbuild/aix-ppc64@0.21.5":
  version "0.21.5"
  resolved "https://registry.yarnpkg.com/@esbuild/aix-ppc64/-/aix-ppc64-0.21.5.tgz#c7184a326533fcdf1b8ee0733e21c713b975575f"
@ -491,13 +530,18 @@
    loupe "^3.1.1"
    tinyrainbow "^1.2.0"

-agent-base@^7.0.2, agent-base@^7.1.0:
+agent-base@^7.1.0:
  version "7.1.1"
  resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-7.1.1.tgz#bdbded7dfb096b751a2a087eeeb9664725b2e317"
  integrity sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==
  dependencies:
    debug "^4.3.4"

+agent-base@^7.1.2:
+  version "7.1.3"
+  resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-7.1.3.tgz#29435eb821bc4194633a5b89e5bc4703bafc25a1"
+  integrity sha512-jRR5wdylq8CkOe6hei19GGZnxM6rBGwFl3Bg0YItGDimvjGtAvdZk4Pu6Cl4u4Igsws4a1fd1Vq3ezrhn4KmFw==
+
 ansi-regex@^5.0.1:
  version "5.0.1"
  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304"
@ -564,6 +608,14 @@ cac@^6.7.14:
  resolved "https://registry.yarnpkg.com/cac/-/cac-6.7.14.tgz#804e1e6f506ee363cb0e3ccbb09cad5dd9870959"
  integrity sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==

+call-bind-apply-helpers@^1.0.1, call-bind-apply-helpers@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz#4b5428c222be985d79c3d82657479dbe0b59b2d6"
+  integrity sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==
+  dependencies:
+    es-errors "^1.3.0"
+    function-bind "^1.1.2"
+
 caniuse-lite@^1.0.30001663:
  version "1.0.30001664"
  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001664.tgz#d588d75c9682d3301956b05a3749652a80677df4"
@ -639,12 +691,13 @@ cross-spawn@^7.0.0:
    shebang-command "^2.0.0"
    which "^2.0.1"

-cssstyle@^4.1.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/cssstyle/-/cssstyle-4.1.0.tgz#161faee382af1bafadb6d3867a92a19bcb4aea70"
-  integrity sha512-h66W1URKpBS5YMI/V8PyXvTMFT8SupJ1IzoIV8IeBC/ji8WVmrO8dGlTi+2dh6whmdk6BiKJLD/ZBkhWbcg6nA==
+cssstyle@^4.2.1:
+  version "4.3.0"
+  resolved "https://registry.yarnpkg.com/cssstyle/-/cssstyle-4.3.0.tgz#83db22d1aec8eb7e5ecd812b4d14a17fb3dd243d"
+  integrity sha512-6r0NiY0xizYqfBvWp1G7WXJ06/bZyrk7Dc6PHql82C/pKGUTKu4yAX4Y8JPamb1ob9nBKuxWzCGTRuGwU3yxJQ==
  dependencies:
-    rrweb-cssom "^0.7.1"
+    "@asamuzakjp/css-color" "^3.1.1"
+    rrweb-cssom "^0.8.0"

 data-urls@^5.0.0:
  version "5.0.0"
@ -676,6 +729,15 @@ delayed-stream@~1.0.0:
  resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619"
  integrity sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==

+dunder-proto@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/dunder-proto/-/dunder-proto-1.0.1.tgz#d7ae667e1dc83482f8b70fd0f6eefc50da30f58a"
+  integrity sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==
+  dependencies:
+    call-bind-apply-helpers "^1.0.1"
+    es-errors "^1.3.0"
+    gopd "^1.2.0"
+
 eastasianwidth@^0.2.0:
  version "0.2.0"
  resolved "https://registry.yarnpkg.com/eastasianwidth/-/eastasianwidth-0.2.0.tgz#696ce2ec0aa0e6ea93a397ffcf24aa7840c827cb"
@ -696,11 +758,38 @@ emoji-regex@^9.2.2:
  resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-9.2.2.tgz#840c8803b0d8047f4ff0cf963176b32d4ef3ed72"
  integrity sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==

-entities@^4.4.0:
+entities@^4.5.0:
  version "4.5.0"
  resolved "https://registry.yarnpkg.com/entities/-/entities-4.5.0.tgz#5d268ea5e7113ec74c4d033b79ea5a35a488fb48"
  integrity sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==

+es-define-property@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/es-define-property/-/es-define-property-1.0.1.tgz#983eb2f9a6724e9303f61addf011c72e09e0b0fa"
+  integrity sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==
+
+es-errors@^1.3.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/es-errors/-/es-errors-1.3.0.tgz#05f75a25dab98e4fb1dcd5e1472c0546d5057c8f"
+  integrity sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==
+
+es-object-atoms@^1.0.0, es-object-atoms@^1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/es-object-atoms/-/es-object-atoms-1.1.1.tgz#1c4f2c4837327597ce69d2ca190a7fdd172338c1"
+  integrity sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==
+  dependencies:
+    es-errors "^1.3.0"
+
+es-set-tostringtag@^2.1.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz#f31dbbe0c183b00a6d26eb6325c810c0fd18bd4d"
+  integrity sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==
+  dependencies:
+    es-errors "^1.3.0"
+    get-intrinsic "^1.2.6"
+    has-tostringtag "^1.0.2"
+    hasown "^2.0.2"
+
 esbuild@^0.21.3:
  version "0.21.5"
  resolved "https://registry.yarnpkg.com/esbuild/-/esbuild-0.21.5.tgz#9ca301b120922959b766360d8ac830da0d02997d"
@ -755,13 +844,14 @@ foreground-child@^3.1.0:
    cross-spawn "^7.0.0"
    signal-exit "^4.0.1"

-form-data@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.0.tgz#93919daeaf361ee529584b9b31664dc12c9fa452"
-  integrity sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==
+form-data@^4.0.1:
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.2.tgz#35cabbdd30c3ce73deb2c42d3c8d3ed9ca51794c"
+  integrity sha512-hGfm/slu0ZabnNt4oaRZ6uREyfCj6P4fT/n6A1rGV+Z0VdGXjfOhVUpkn6qVQONHGIFwmveGXyDs75+nr6FM8w==
  dependencies:
    asynckit "^0.4.0"
    combined-stream "^1.0.8"
+    es-set-tostringtag "^2.1.0"
    mime-types "^2.1.12"

 fsevents@~2.3.2, fsevents@~2.3.3:
@ -769,6 +859,11 @@ fsevents@~2.3.2, fsevents@~2.3.3:
  resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-2.3.3.tgz#cac6407785d03675a2a5e1a5305c697b347d90d6"
  integrity sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==

+function-bind@^1.1.2:
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.2.tgz#2c02d864d97f3ea6c8830c464cbd11ab6eab7a1c"
+  integrity sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==
+
 gensync@^1.0.0-beta.2:
  version "1.0.0-beta.2"
  resolved "https://registry.yarnpkg.com/gensync/-/gensync-1.0.0-beta.2.tgz#32a6ee76c3d7f52d46b2b1ae5d93fea8580a25e0"
@ -779,6 +874,30 @@ get-func-name@^2.0.1:
  resolved "https://registry.yarnpkg.com/get-func-name/-/get-func-name-2.0.2.tgz#0d7cf20cd13fda808669ffa88f4ffc7a3943fc41"
  integrity sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ==

+get-intrinsic@^1.2.6:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.3.0.tgz#743f0e3b6964a93a5491ed1bffaae054d7f98d01"
+  integrity sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==
+  dependencies:
+    call-bind-apply-helpers "^1.0.2"
+    es-define-property "^1.0.1"
+    es-errors "^1.3.0"
+    es-object-atoms "^1.1.1"
+    function-bind "^1.1.2"
+    get-proto "^1.0.1"
+    gopd "^1.2.0"
+    has-symbols "^1.1.0"
+    hasown "^2.0.2"
+    math-intrinsics "^1.1.0"
+
+get-proto@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/get-proto/-/get-proto-1.0.1.tgz#150b3f2743869ef3e851ec0c49d15b1d14d00ee1"
+  integrity sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==
+  dependencies:
+    dunder-proto "^1.0.1"
+    es-object-atoms "^1.0.0"
+
 glob@^10.4.1:
  version "10.4.5"
  resolved "https://registry.yarnpkg.com/glob/-/glob-10.4.5.tgz#f4d9f0b90ffdbab09c9d77f5f29b4262517b0956"
@ -796,6 +915,11 @@ globals@^11.1.0:
  resolved "https://registry.yarnpkg.com/globals/-/globals-11.12.0.tgz#ab8795338868a0babd8525758018c2a7eb95c42e"
  integrity sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==

+gopd@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/gopd/-/gopd-1.2.0.tgz#89f56b8217bdbc8802bd299df6d7f1081d7e51a1"
+  integrity sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==
+
 has-flag@^3.0.0:
  version "3.0.0"
  resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-3.0.0.tgz#b5d454dc2199ae225699f3467e5a07f3b955bafd"
@ -806,6 +930,25 @@ has-flag@^4.0.0:
  resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-4.0.0.tgz#944771fd9c81c81265c4d6941860da06bb59479b"
  integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==

+has-symbols@^1.0.3, has-symbols@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.1.0.tgz#fc9c6a783a084951d0b971fe1018de813707a338"
+  integrity sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==
+
+has-tostringtag@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/has-tostringtag/-/has-tostringtag-1.0.2.tgz#2cdc42d40bef2e5b4eeab7c01a73c54ce7ab5abc"
+  integrity sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==
+  dependencies:
+    has-symbols "^1.0.3"
+
+hasown@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/hasown/-/hasown-2.0.2.tgz#003eaf91be7adc372e84ec59dc37252cedb80003"
+  integrity sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==
+  dependencies:
+    function-bind "^1.1.2"
+
 html-encoding-sniffer@^4.0.0:
  version "4.0.0"
  resolved "https://registry.yarnpkg.com/html-encoding-sniffer/-/html-encoding-sniffer-4.0.0.tgz#696df529a7cfd82446369dc5193e590a3735b448"
@ -826,12 +969,12 @@ http-proxy-agent@^7.0.2:
    agent-base "^7.1.0"
    debug "^4.3.4"

-https-proxy-agent@^7.0.5:
-  version "7.0.5"
-  resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-7.0.5.tgz#9e8b5013873299e11fab6fd548405da2d6c602b2"
-  integrity sha512-1e4Wqeblerz+tMKPIq2EMGiiWW1dIjZOksyHWSUm1rmuvw/how9hBHZ38lAGj5ID4Ik6EdkOw7NmWPy6LAwalw==
+https-proxy-agent@^7.0.6:
+  version "7.0.6"
+  resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz#da8dfeac7da130b05c2ba4b59c9b6cd66611a6b9"
+  integrity sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==
  dependencies:
-    agent-base "^7.0.2"
+    agent-base "^7.1.2"
    debug "4"

 iconv-lite@0.6.3:
@ -912,22 +1055,22 @@ js-tokens@^4.0.0:
  resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499"
  integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==

-jsdom@^25.0.1:
-  version "25.0.1"
-  resolved "https://registry.yarnpkg.com/jsdom/-/jsdom-25.0.1.tgz#536ec685c288fc8a5773a65f82d8b44badcc73ef"
-  integrity sha512-8i7LzZj7BF8uplX+ZyOlIz86V6TAsSs+np6m1kpW9u0JWi4z/1t+FzcK1aek+ybTnAC4KhBL4uXCNT0wcUIeCw==
+jsdom@^26.0.0:
+  version "26.0.0"
+  resolved "https://registry.yarnpkg.com/jsdom/-/jsdom-26.0.0.tgz#446dd1ad8cfc50df7e714e58f1f972c1763b354c"
+  integrity sha512-BZYDGVAIriBWTpIxYzrXjv3E/4u8+/pSG5bQdIYCbNCGOvsPkDQfTVLAIXAf9ETdCpduCVTkDe2NNZ8NIwUVzw==
  dependencies:
-    cssstyle "^4.1.0"
+    cssstyle "^4.2.1"
    data-urls "^5.0.0"
    decimal.js "^10.4.3"
-    form-data "^4.0.0"
+    form-data "^4.0.1"
    html-encoding-sniffer "^4.0.0"
    http-proxy-agent "^7.0.2"
-    https-proxy-agent "^7.0.5"
+    https-proxy-agent "^7.0.6"
    is-potential-custom-element-name "^1.0.1"
-    nwsapi "^2.2.12"
-    parse5 "^7.1.2"
-    rrweb-cssom "^0.7.1"
+    nwsapi "^2.2.16"
+    parse5 "^7.2.1"
+    rrweb-cssom "^0.8.0"
    saxes "^6.0.0"
    symbol-tree "^3.2.4"
    tough-cookie "^5.0.0"
@ -935,7 +1078,7 @@ jsdom@^25.0.1:
    webidl-conversions "^7.0.0"
    whatwg-encoding "^3.1.1"
    whatwg-mimetype "^4.0.0"
-    whatwg-url "^14.0.0"
+    whatwg-url "^14.1.0"
    ws "^8.18.0"
    xml-name-validator "^5.0.0"

@ -956,7 +1099,7 @@ loupe@^3.1.0, loupe@^3.1.1:
  dependencies:
    get-func-name "^2.0.1"

-lru-cache@^10.2.0:
+lru-cache@^10.2.0, lru-cache@^10.4.3:
  version "10.4.3"
  resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-10.4.3.tgz#410fc8a17b70e598013df257c2446b7f3383f119"
  integrity sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==
@ -991,6 +1134,11 @@ make-dir@^4.0.0:
  dependencies:
    semver "^7.5.3"

+math-intrinsics@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/math-intrinsics/-/math-intrinsics-1.1.0.tgz#a0dd74be81e2aa5c2f27e65ce283605ee4e2b7f9"
+  integrity sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==
+
 mime-db@1.52.0:
  version "1.52.0"
  resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70"
@ -1030,22 +1178,22 @@ node-releases@^2.0.18:
  resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.18.tgz#f010e8d35e2fe8d6b2944f03f70213ecedc4ca3f"
  integrity sha512-d9VeXT4SJ7ZeOqGX6R5EM022wpL+eWPooLI+5UpWn2jCT1aosUQEhQP214x33Wkwx3JQMvIm+tIoVOdodFS40g==

-nwsapi@^2.2.12:
-  version "2.2.13"
-  resolved "https://registry.yarnpkg.com/nwsapi/-/nwsapi-2.2.13.tgz#e56b4e98960e7a040e5474536587e599c4ff4655"
-  integrity sha512-cTGB9ptp9dY9A5VbMSe7fQBcl/tt22Vcqdq8+eN93rblOuE0aCFu4aZ2vMwct/2t+lFnosm8RkQW1I0Omb1UtQ==
+nwsapi@^2.2.16:
+  version "2.2.19"
+  resolved "https://registry.yarnpkg.com/nwsapi/-/nwsapi-2.2.19.tgz#586660f7c24c34691907002309a8dc28064c9c0b"
+  integrity sha512-94bcyI3RsqiZufXjkr3ltkI86iEl+I7uiHVDtcq9wJUTwYQJ5odHDeSzkkrRzi80jJ8MaeZgqKjH1bAWAFw9bA==

 package-json-from-dist@^1.0.0:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz#4f1471a010827a86f94cfd9b0727e36d267de505"
  integrity sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==

-parse5@^7.1.2:
-  version "7.1.2"
-  resolved "https://registry.yarnpkg.com/parse5/-/parse5-7.1.2.tgz#0736bebbfd77793823240a23b7fc5e010b7f8e32"
-  integrity sha512-Czj1WaSVpaoj0wbhMzLmWD69anp2WH7FXMB9n1Sy8/ZFF9jolSQVMu1Ij5WIyGmcBmhk7EOndpO4mIpihVqAXw==
+parse5@^7.2.1:
+  version "7.2.1"
+  resolved "https://registry.yarnpkg.com/parse5/-/parse5-7.2.1.tgz#8928f55915e6125f430cc44309765bf17556a33a"
+  integrity sha512-BuBYQYlv1ckiPdQi/ohiivi9Sagc9JG+Ozs0r7b/0iK3sKmrb0b9FdWdBbOdx6hBCM/F9Ir82ofnBhtZOjCRPQ==
  dependencies:
-    entities "^4.4.0"
+    entities "^4.5.0"

 path-key@^3.1.0:
  version "3.1.1"
@ -1114,10 +1262,10 @@ rollup@^4.20.0:
    "@rollup/rollup-win32-x64-msvc" "4.22.5"
    fsevents "~2.3.2"

-rrweb-cssom@^0.7.1:
-  version "0.7.1"
-  resolved "https://registry.yarnpkg.com/rrweb-cssom/-/rrweb-cssom-0.7.1.tgz#c73451a484b86dd7cfb1e0b2898df4b703183e4b"
-  integrity sha512-TrEMa7JGdVm0UThDJSx7ddw5nVm3UJS9o9CCIZ72B1vSyEZoziDqBYP3XIoi/12lKrJR8rE3jeFHMok2F/Mnsg==
+rrweb-cssom@^0.8.0:
+  version "0.8.0"
+  resolved "https://registry.yarnpkg.com/rrweb-cssom/-/rrweb-cssom-0.8.0.tgz#3021d1b4352fbf3b614aaeed0bc0d5739abe0bc2"
+  integrity sha512-guoltQEx+9aMf2gDZ0s62EcV8lsXR+0w8915TC3ITdn2YueuNjdAYh/levpU9nFaoChh9RUS5ZdQMrKfVEN9tw==

 "safer-buffer@>= 2.1.2 < 3.0.0":
  version "2.1.2"
@ -1179,6 +1327,7 @@ std-env@^3.7.0:
  integrity sha512-JPbdCEQLj1w5GilpiHAx3qJvFndqybBysA3qUOnznweH4QbNYUsW/ea8QzSrnh0vNsezMMw5bcVool8lM0gwzg==

 "string-width-cjs@npm:string-width@^4.2.0", string-width@^4.1.0:
+  name string-width-cjs
  version "4.2.3"
  resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010"
  integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
@ -1197,6 +1346,7 @@ string-width@^5.0.1, string-width@^5.1.2:
    strip-ansi "^7.0.1"

 "strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1:
+  name strip-ansi-cjs
  version "6.0.1"
  resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9"
  integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==
@ -1294,10 +1444,17 @@ tr46@^5.0.0:
  dependencies:
    punycode "^2.3.1"

-typescript@^5.6.2:
-  version "5.6.2"
-  resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.6.2.tgz#d1de67b6bef77c41823f822df8f0b3bcff60a5a0"
-  integrity sha512-NW8ByodCSNCwZeghjN3o+JX5OFH0Ojg6sadjEKY4huZ52TqbJTJnDo5+Tw98lSy63NZvi4n+ez5m2u5d4PkZyw==
+tr46@^5.1.0:
+  version "5.1.0"
+  resolved "https://registry.yarnpkg.com/tr46/-/tr46-5.1.0.tgz#4a077922360ae807e172075ce5beb79b36e4a101"
+  integrity sha512-IUWnUK7ADYR5Sl1fZlO1INDUhVhatWl7BtJWsIhwJ0UAK7ilzzIa8uIqOO/aYVWHZPJkKbEL+362wrzoeRF7bw==
+  dependencies:
+    punycode "^2.3.1"
+
+typescript@^5.8.2:
+  version "5.8.2"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.8.2.tgz#8170b3702f74b79db2e5a96207c15e65807999e4"
+  integrity sha512-aJn6wq13/afZp/jT9QZmwEjDqqvSGp1VT5GVg+f/t6/oVyrgXM6BY1h9BRh/O5p3PlUPAe+WuiEZOmb/49RqoQ==

 update-browserslist-db@^1.1.0:
  version "1.1.1"
@ -1385,6 +1542,14 @@ whatwg-url@^14.0.0:
    tr46 "^5.0.0"
    webidl-conversions "^7.0.0"

+whatwg-url@^14.1.0:
+  version "14.2.0"
+  resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-14.2.0.tgz#4ee02d5d725155dae004f6ae95c73e7ef5d95663"
+  integrity sha512-De72GdQZzNTUBBChsXueQUnPKDkg/5A5zp7pFDuQAj5UFoENpiACU0wlCvzpAGnTkj++ihpKwKyYewn/XNUbKw==
+  dependencies:
+    tr46 "^5.1.0"
+    webidl-conversions "^7.0.0"
+
 which@^2.0.1:
  version "2.0.2"
  resolved "https://registry.yarnpkg.com/which/-/which-2.0.2.tgz#7c6a8dd0a636a0327e10b59c9286eee93f3f51b1"
--- a/tracker/tracker/CHANGELOG.md
+++ b/tracker/tracker/CHANGELOG.md
@ -1,6 +1,7 @@
 ## 16.1.0

 - new `privateMode` option to hide all possible data from tracking
+- update `networkProxy` to 1.1.0 (auto sanitizer for sensitive parameters in network requests)

 ## 16.0.3

--- a/tracker/tracker/package.json
+++ b/tracker/tracker/package.json
@ -76,7 +76,7 @@
  },
  "dependencies": {
    "@medv/finder": "^4.0.2",
-    "@openreplay/network-proxy": "^1.0.5",
+    "@openreplay/network-proxy": "^1.1.0",
    "error-stack-parser": "^2.0.6",
    "error-stack-parser-es": "^0.1.5",
    "fflate": "^0.8.2",
--- a/tracker/tracker/src/tests/sanitizer.unit.test.ts
+++ b/tracker/tracker/src/tests/sanitizer.unit.test.ts
@ -3,7 +3,7 @@ import Sanitizer, { SanitizeLevel, Options, stringWiper } from '../main/app/sani

 describe('stringWiper', () => {
  test('should replace all characters with *', () => {
-    expect(stringWiper('Sensitive Data')).toBe('**************')
+    expect(stringWiper('Sensitive Data')).toBe('********* ****')
  })
 })

@ -126,7 +126,7 @@ describe('Sanitizer', () => {
    element.mockId = 1
    element.innerText = 'Sensitive Data'
    const sanitizedText = sanitizer.getInnerTextSecure(element)
-    expect(sanitizedText).toEqual('**************')
+    expect(sanitizedText).toEqual('********* ****')
  })

  test('should return empty string if node element does not exist', () => {
--- a/tracker/tracker/src/webworker/BatchWriter.unit.test.ts
+++ b/tracker/tracker/src/webworker/BatchWriter.unit.test.ts
@ -21,7 +21,7 @@ describe('BatchWriter', () => {
    expect(batchWriter['timestamp']).toBe(123456789)
    expect(batchWriter['url']).toBe('example.com')
    expect(batchWriter['onBatch']).toBe(onBatchMock)
-    // we add tab id as first in the batch
+    // we add tab and timestamp as first in the batch
    expect(batchWriter['nextIndex']).toBe(2)
    expect(batchWriter['beaconSize']).toBe(200000)
    expect(batchWriter['encoder']).toBeDefined()