Password seen in clear text on Burp tool
My website has a login form. I have entered the username and password and intercepted the request in Burp proxy.
The password is seen in clear text in the request body.
Is this a vulnerability? Also, please explain how this is possible.
If yes, as a pen tester, what recommendation should be given for encrypting the password in the request body?
Burp Suite breaks the SSL connection. However, Burp’s own SSL certificate is installed in your browser. Very few applications hash a password before it is sent to the server.
Burp identifies when an application transmits passwords over unencrypted connections:
Please let us know if you need any further assistance.