`unhar`: Content extraction insufficient

It's really unfortunate that there are so many differences between HAR implementations. :(

Note that text and params fields are mutually exclusive.

Yeah, that's not true at all in practice. Let's go through a few examples.

File upload

I've used https://cgi-lib.berkeley.edu/ex/fup.cgi to capture a HAR of a simple file upload in Firefox (file-upload-firefox.json) and Chrome (file-upload-chrome.har).

The site uses multipart/form-data as the encoding:

In Firefox, the raw multipart encoded data ends up as a string in text in the HAR:

In Chrome, meanwhile, both text and params are populated in the HAR:

In params, the file I uploaded is "helpfully" replaced with (binary), in text, it appears to be missing entirely. In fact, as far as I can tell, the uploaded file isn't included anywhere in the HAR. o.o

And indeed, I can't seem to find a way to get to it in the Chrome dev tools, either:

So, don't use Chrome to generate HAR files if you want them to actually contain everything you've uploaded, I guess? Phenomenal stuff.

HTML form

I also tried a more simple case of this basic HTML form in Chrome (post-chrome.json) and Firefox (post-firefox.har):

<!DOCTYPE html>
<html>
<body>
<form action="https://example.org" method="post">
    <input type="text" name="test">
    <input type="submit">
</form>
</body>
</html>

As I didn't set an enctype, the data is transmitted as application/x-www-form-urlencoded (the default).

In Firefox, both text and params are populated, with the raw and parsed data, respectively:

The same is the case in Chrome:

Other implementations

I also tried two other HAR implementations. First, Insomnia (post-insomnia.har, multipart-insomnia.har), which only populates params in both cases:

And, more importantly for us, the mitmproxy HAR dump script. I only had an example for application/x-www-form-urlencoded lying around. In that case, it populates both params and text:

tweaselORG / TrackHAR