Burp Suite User Forum

Create new post

Plaintext Password Storage

Mark | Last updated: Sep 21, 2018 03:29PM UTC

Hello, If upstream proxy authentication is configured, the password is stored in cleartext within UserConfigPro.json; line 23 in my file. Cheers, Mark

PortSwigger Agent | Last updated: Sep 24, 2018 07:14AM UTC

Hi Mark, Thanks for getting in touch. This behavior is by design. We need the password in plaintext to present to the upstream proxy, so hashing is not possible. We encourage you to protect your project and configuration files just like you protect any other confidential file - using full disk encryption, etc.

Mark | Last updated: Sep 08, 2023 11:09AM UTC

Are there any further thoughts on this issue? Options for retrieval from secure password vaults etc? Thanks

Michelle, PortSwigger Agent | Last updated: Sep 11, 2023 07:43AM UTC

We have not made any changes to this option since the original post. Some of the same design decisions still stand, but we appreciate your feedback.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.