how to encrypt the password?

i use this in my code:


Gatling just send the value that you pass (but the value here would be UrlEncoded).
If your application performs encryption on the client side, it’s your responsibility to do the same in Gatling.

i just want to send the password in a way that will not be show in the other side.
i have tried:


is this the way you mean?
i have debugged it and i see in Charles that the user is appear.

It looks like you’re confusing query params (that appear in the url’s query) and form params (used for encoding params in the request body, typical form-url-encoded Content-Type).

ok but it still not help me how to do it :slight_smile:

What you’re asking is everything but clear.
The title of your thread is about encryption. Then, you’re asking about queryParam. And then about form-url-encoded.

Please explain what you’re trying to do. If this has nothing to do about encryption, but you just want to post a single form, use formParam.

i just want that the password value will be encoded. it is always needed in password no ? i see that by default you do it in gatling and if you don’t want it u use disableUrlEncoding.
so maybe i don’t need to do nothing.
but actually i see the password in monitor charles.

HTML deal with passwords in any special way, password type inputs will be sent over HTTP as plain text, just like any other field, hence securing the transport layer with HTTPS.

so nothing to be done on it.
i am just wondering what is in jmeter in http request in the section “send parameters with the request”, when you add user name, password… parameters, there is also a column called Encode? usually, i check it.

Form and query parameters have to be encoding (in similar but different ways). Note that it’s “encoded” (which is about transforming some reserved characters), NOT “encrypted” (which is about cryptography).
I guess this checkbox is about if the values you feed have been already encoded or not, so the values don’t get encoded twice. Gatling has a similar feature (encoding is enabled by default, but you can disable it).


Usually people encode/encrypt passwords, in case, someone else come across there script, they wont see the password in clear text.

At work, we are also required to encode/encrypt passwords in scripts. I simply created a simple java class and imported in my simulations. Here is the java class.

import javax.crypto.
import sun.misc.*;
import javax.crypto.spec.SecretKeySpec;

public class StringCrypto {

private static final String ALGO = “AES”;
private static final byte[] keyValue =
new byte[] { ‘G’, ‘A’, ‘t’, ‘l’, ‘i’, ‘n’, ‘g’, ‘i’, ‘s’, ‘a’, ‘w’,‘e’, ‘s’, ‘o’, ‘m’, ‘e’ };

public static String encrypt(String Data) throws Exception {
Key key = generateKey();
Cipher c = Cipher.getInstance(ALGO);
c.init(Cipher.ENCRYPT_MODE, key);
byte[] encVal = c.doFinal(Data.getBytes());
String encryptedValue = new BASE64Encoder().encode(encVal);
return encryptedValue;

public static String decrypt(String encryptedData) throws Exception {
Key key = generateKey();
Cipher c = Cipher.getInstance(ALGO);
c.init(Cipher.DECRYPT_MODE, key);
byte[] decordedValue = new BASE64Decoder().decodeBuffer(encryptedData);
byte[] decValue = c.doFinal(decordedValue);
String decryptedValue = new String(decValue);
return decryptedValue;
private static Key generateKey() throws Exception {
Key key = new SecretKeySpec(keyValue, ALGO);
return key;

public static void main(String args[]){




.header(“Content-Type”, “application/x-www-form-urlencoded”)
.formParam(“username”, “${username}”)
.formParam(“password”, “${password}”)
.formParam(“grant_type”, “password”)

in above request iam getting encoded username and password in basicAuth, so please help me to pass authentiction request?