Hi DW. Does anyone know how I can clear a devtool network monitor log of a browser using JavaScript?

I know that console.clear() only clears the console log, not the network monitor tool logs.

This sounds like a good thing to omit from access from javascript. Otherwise a malicious script could hide its tracks.

Unfortunately it's not. This is to give the user privacy, because the parameters of a network request, whether it uses the POST or GET method, can be viewed. So, to prevent undesired people from seeing users' sensitive information like passwords, the idea at the moment is to clear the logs after such request methods have occurred, only if that website form is submitted.

A very decent method for this is for the websites to integrate with this system, so there won't be a need to clear logs, because what will be sent is something secure, for which the website will request further encryption of that data on the backend, which will be by means of an API following strict security measures.

Unfortunately you can't send third-party encrypted data to another system which the user is attempting to log in to, because that login will fail as it will be taken as incorrect credentials.

I basically want to clear the user credentials from the logs as soon as the post or get request is fired on form submit.

The password is encrypted while it's in the field because of the instant encryption, but I had to decrypt it on form submission and encrypt it again so that it will remain encrypted in the field. My worry is the POST or GET request, which is not protected.

This log is, for this discussion, on my personal computer. Since I don't let others use my PC, what scenario are we talking about? The log I looked at is not accessible from the web, just this PC. There are other logs that are gone once I exit Chrome or close the devtool. I stopped examining this once I found this log to only exist on my PC.

Now if your site is insecure that's an entirely different discussion and scenario since I'm running Chrome (or another browser) and having its devtool/view open.

For a site to control this log looks like a security breach as the site has no business deleting logs on my PC.

This is not for a website but for an extension. The extension is a password manager which keeps the user's credentials secure.

To give an example: when you type your password, let's say on Daniweb, once you are done typing it, this extension instantly encrypts your password. This makes sure that even if you are trying to log in to your Daniweb account on a public computer or someone else's computer and didn't proceed with the login, maybe because you got disturbed for whatever reason, if someone comes and tries to inspect the Daniweb password field element, that person won't see your actual password but will see an encryption hash code.

If, let's say, that person tries to copy it so that he can attempt to log in to your Daniweb account later on somewhere else, this won't work, because the encryption can only be decrypted on the PC it was generated on.

I've introduced a CTA (Click To Authorise) which forces websites, for example Daniweb or Facebook, to wait for you to authorise the login request using your mobile app. This works great.

Now when you combine the two features, which are instant password encryption and the CTA, you get a solid security solution. Now comes the issue: I don't own the websites the users are using, which means that, as much as I've kept your accounts secure, when you now submit the form, say the Daniweb login form, I have to decrypt your password and allow the submission, then instantly encrypt the password field again, so that even if someone is trying to view your password, s/he can't see it when s/he stops the page while it's submitting, since it is decrypted during that stage; but because of the instant encryption it is quickly encrypted again, so that person won't see the actual user's password.

But if that person goes to the network monitor tool and enables the persistent log, that person will get the actual user's credentials on that website, say from the Daniweb login POST request. This is what I want to clear so that the user credentials won't be exposed.

Also, this is to ensure that even if someone does get your extension logins and tries to log in to get your Daniweb credentials, so that s/he will try to use your real Daniweb credentials outside the protection of this extension, because the extension has the CTA, which will not proceed with the login till you grant it access or deny it using your mobile app.

But for that person to get your actual Daniweb credentials, s/he will have to attempt to log in, so s/he will see the network monitor tool logs, get those credentials, and use them to log in to your Daniweb account without using this extension, as that person will be running away from the CTA.

But if I clear this log after the submission, then there's no other way for that person to easily view the user's credentials, because once submitted, the website uses SSL, which then continues protecting the user credentials.

But if, let's say, Daniweb was integrated with my API, then there wasn't going to be a need for this, because the extension would allow Daniweb to submit the fields with the encrypted password and then, on the backend, call my API to decrypt the password. That way it would be a solid solution, because Daniweb would first have to pass some security verification when requesting the decryption of the password so that Daniweb can successfully authenticate you as a user. But it will take time to get such approvals, because we still have to educate people on the importance of offering users solutions to protect themselves from hackers. Also, we still have to prove that we are what we say we are, a cybersecurity company, before we are even considered.

But in the meantime, clearing this log would solve this issue till we get another secure method of allowing websites to remain secure for users' credentials.

At this point you're convinced that this is needed. Your next step is to submit a bug or feature request to all the web browser makers.

I remain unconvinced that an extension should be able to clear devtool logs. The log is just on our PC and used to document what sites and more do. A nefarious site or extension if it could clear logs could cover its tracks. Since it's my PC and my choice to open the devtool and log, why is this a security problem? It's not.

If it's your computer it's not a problem; the problem comes when you use public computers, or if a friend borrows your device or someone steals it. Furthermore, if someone just happens to get or know your extension master password, as much as that person may not see your saved accounts' passwords right away, by attempting to log in, no matter which computer it is, yours or his, that person will still be able to see your actual password by viewing the logs.

The problem here is not only if it's your computer; the problem is when a hacker gets access to your master password. To view your credentials, that person will simply attempt to log in to whatever website he wants the credentials for.

A public computer can have keyboard loggers and more. I'm seeing less and less public computers because... Smartphones and chromebooks.

Also, public WiFi is a risk that's been mostly mitigated, but folk can fall for fake web site login requests. The security issue you are chasing here, and the solution you propose, looks to make security worse, not better, since it gives the extension a way to cover its tracks.
