Maybe this?
when HTTP_REQUEST_DATA {
    # fires once the request body has been collected (HTTP::collect in HTTP_REQUEST)
    if {[string tolower [HTTP::path]] contains "login.asp"} {
        # save original password value
        set pw [findstr [HTTP::payload] "&password=" 10 "&"]
        # strip special characters from entire payload
        set newPayload [string map {< "" > "" % ""} [HTTP::payload]]
        # if original pw value was changed, replace original value
        if {[string first "&password=$pw" $newPayload] < 0} {
            # replacement is double-quoted so $pw is substituted; [^&]* matches the stripped value
            regsub {(&password=)[^&]*} $newPayload "\\1$pw" newPayload
        }
        HTTP::payload replace 0 [HTTP::payload length] $newPayload
        HTTP::release
        # debug only: this writes the full payload, including the password, to the log
        log local0. "new payload: $newPayload"
    }
}
Should work regardless of password parameter position.
/deb