Yes, in this case the square brackets would be considered part of the password.
to go on, in this example anything after password= and before a possible & would be considered part of the password, just like a real world API call.
If the password in the URL looks like so:
user=sys&password=[MyP4$$W0rD!]
Should we be masking the square brackets as well as the characters inside them?
Loading collection data...
Yes, in this case the square brackets would be considered part of the password.
to go on, in this example anything after password= and before a possible & would be considered part of the password, just like a real world API call.
If the password in the URL looks like so:
user=sys&password=[MyP4$$W0rD!]
Should we be masking the square brackets as well as the characters inside them?