I know I might take a lot of flack for asking this basic question, but I hope you'll be patient with me. I was looking at a few websites and analyzing the payload when sending a POST request to login.
ON GitHub, for example, I can see both username and password when sending the request.
Whereas, on ProtonMail, which is supposed to be a very secure mail, I can only see the username, but not the password, which is good obviously.
So, my question is if I can see the password in the request, does it mean the site is vulnerable? Is one prone to a MITM attack if logging in using a free WiFi? Thanks for the clarification.
