Recorder exposes password on login pages

How can I prevent katalon recorder from displaying cleartext passwords? When I start a recording I see something like the following:

id=password MyPasswordIsRevealedInClearText

NOTE: This happens when passwords are saved in the browser (chrome and firefox).

Hi Kevin,

Katalon Recorder doesn’t support masked password field yet. However, I will put this request in the queue for consideration.

Thanks for using Katalon Recorder,
Liam

Hi @Kevin_Medeiros, did you find a solution for this? This is a 3-year-old post. Does the current version of the Katolan recorder support masking sensitive fields like passwords at the time of recording?

Hi @nitin.chauhan

Unfortunately we haven’t got to this yet. Can you clarify more about this, do you want the password to be masked during execution, or do you want the password to be masked in the test case view? Do you share your scripts with your colleagues so you don’t want to share sensitive information?

HI @ThanhTo, Thank you so much for the quick response.

we would like to see if that can be done during execution itself. While parsing the DOM during execution is it not possible to figure out that for a TYPE command if the input type is “hidden” or if the input type is “password” then automatically provide two values both masked for us and unmasked for our customer?

@nitin.chauhan

I still haven’t quite grasped the problem yet yet. I’m running Katalon Recorder tests on a page that has a password input and the password is automatically masked:

Are you seeing that this is not the case on your side?

The test I run is here, the website is also publicly availablee.

test.html (4.1 KB)

@ThanhTo - If you look at the test that you have shared, the last record is
type id=txt-password ThisIsNotAPassword

My problem is that if the recorder knows, while parsing the dom, that the input type is password in this case, why is it showing me the password that was entered for this test, which is “ThisIsNotAPassword”. The recorder should be smart enough to not expose passwords like this as Katolan recorder may be used by a naive client/customer of ours to automate their test cases.

For the scenario to test login with a wrong password, its fine since the password captured is anyways wrong, but for the successful login scenario, the recorder should be able to store two values - one that is the actual password, one a masked value of the password like base64 encoded or encrypted etc.