When I use the built-in Chrome inspect element, click on the networking tab and view a login.action file or session file, it shows the password in plain text. Is this normal?
Asked
Active
Viewed 831 times
1 Answers
5
Yes, this is normal.
The networking tab in the Chrome developer tools show network operations for the website you are on, but all this traffic would be encrypted over the wire if the site uses SSL/TLS.
For example, here's a login captured on a website with SSL/TLS:
General
Request URL: https://www.w3schools.com/action_page.php
Request Method: POST
Status Code: 200
Form Data
uname: someUsername
psw: somePassword
remember: on
And if Wireshark is used to capture the post request, all you can see is some encrypted data.
Joe
- 2,764
- 2
- 13
- 22