The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Password Exposed in Dashboard

Tim | Last updated: Mar 24, 2020 03:28PM UTC

I noticed in a recent class that Burp Pro 2020.2.1 plainly displays the clear text password in the dashboard while an authenticated crawl is running. I can't imagine that this isn't a bug, because it doesn't make sense in the context of our previous conversations about the password not being shown in the scan configuration interface, so just wanted to let you know that it is happening. To make sure that it wasn't just a coincidence of the word "password" I tested it with random passwords as well and saw the cleartext password there each and every time. While I would still like to be able to see the password I'm typing into the Scan Configuration, there is literally no reason for me to have my password told to me in the dashboard of a scan.

Uthman, PortSwigger Agent | Last updated: Mar 25, 2020 08:28AM UTC