we intercept a request using any proxy tool(burp) and modify the content and resend the request, during this process whether we are intercepting the request of the application in browser level or in network level. because in some applications while using burp am finding that the login credentials are been displaying in plain text(without any encryption) whereas it is encrypted using other like wire shark. can we take this as an issue if the information is shown in plain text in Burp tool?
Asked
Active
Viewed 2,127 times
1
-
[A possibly useful question and answer.](http://security.stackexchange.com/questions/72679/differences-between-using-tor-browser-and-vpn/72729#72729) – RoraΖ Jan 05 '16 at 12:41
1 Answers
1
So this looks like two questions; 1. which OSI layer do tools like burp suite work on, and 2. is it an issue if information is in the clear in a proxy tool but not in a raw capture from wireshark.
Proxies like burp operate on OSI layer 7 (application) which allows them to understand HTTP, and traffic must be directed to them by configuring the client application.
Burp is doing an MiTM attack on the encryption as you are routing traffic through it, wireshark on the other hand is just capturing the raw traffic and does not has enough information to allow it to decrypt the traffic (by default), so nothing to worry about so long as it's encrypted in wireshark.
GreatSeaSpider
- 2,054
- 16
- 14