
Password seen in clear text on Burp tool

Garry Aug 27, 2019 12:48PM UTC

Hi,

My website has a login form. I have entered a username and password and intercepted the request in Burp proxy.

The password is seen in clear text in the request body.

Is this a vulnerability? Also, please explain how this is possible?

If yes, as a pen tester, what is the recommendation to be given for encrypting the password in the request body?


Liam Tai-Hogan Aug 28, 2019 07:32AM UTC Support Center agent

Burp Suite breaks the SSL connection. However, Burp’s own SSL certificate is installed in your browser. Very few applications hash a password before it is sent to the server.

Burp identifies when an application transmits passwords over unencrypted connections:

- https://portswigger.net/kb/issues/00300100_cleartext-submission-of-password

Please let us know if you need any further assistance.

