0

I have very little knowledge about security testing. I have been given an assignment to do penetration testing using the Burp free version.

When I started using Burp Suite, on a page of employee information I saw that requests are passing as plain text. Can we consider it as sensitive data exposure?

Can anyone give me details on how a hacker can use such information? Click here for Image

  • Is this a training assignment? If you have “very little knowledge about security testing”, maybe someone else should do security testing…? – Ry- Feb 14 '18 at 09:18
  • You can't conclude that. Burp is an SSL-breaking proxy so it is able to view plain text even when the communication is encrypted. In Proxy > HTTP History, look at the SSL column. If this is not ticked, then the message is unencrypted. – PortSwigger Feb 14 '18 at 09:43
  • It is not ticked. Means message is encrypted which means it's vulnerable. – Dhaval Dosi Feb 14 '18 at 14:12
  • Yes, the snapshot which you provided shows that it's vulnerable. – Savan Gadhiya May 21 '18 at 10:54

0 Answers