Tags: ssl, web, https, sensitive-data

When does SSL encrypt data from browser to server?


My understanding is that a website's data sent over the HTTPS protocol is encrypted when transferred between browser and server. When is it encrypted?

On a login form, I used the Telerik Fiddler Web Debugger to capture the request, and I still see the plaintext password. Another question: an IT admin with a traffic-sniffing tool or a proxy can capture the HTTPS request and see the sensitive value, can't he?

So when will the data be encrypted?


Solution

  • That's an interesting question. The browser's network library encrypts the data when sending a request via HTTPS. When a request is sent via HTTPS, the client (browser) performs a TLS handshake to negotiate the encryption details and then sends the data encrypted. I am assuming that the plaintext password you are seeing is in Fiddler's browser plugin and not in the proxy application. You can always see the network request information/payload, including the clear password, in the network tab of the browser while inspecting that specific request. You would not be able to see the request's data in plain text in the proxy interceptor, or in a sniffer app like Wireshark, when it is sent over HTTPS. As you can see from Telerik Fiddler's video, they are only showing HTTP requests.

    You can definitely set up a proxy (a man-in-the-middle proxy) that will be able to inspect SSL traffic. This is done in a lot of corporate networks. For that you would set up a forward proxy with an SSL certificate that is trusted by the browser, which then allows the proxy to decrypt the HTTPS request coming from the browser and inspect it.

    When data is sent over HTTP, it can be sniffed and the person can see the request info and the payload. That is the reason a person should always send sensitive data over a TLS connection.

    UPDATE:

    This diagram shows the client-to-server connectivity via HTTPS. The form data is always encrypted before it's sent over the internet.

    [image: client-to-server HTTPS connectivity diagram]

    This image is from SonicWall SSL Control
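As an added example (not part of the original answer), the script below uses only Python's standard library to show what a client actually negotiates with a server: the TLS version and cipher suite under which a sniffer sees only ciphertext, and who issued the certificate the server presented. If the issuer is a private corporate CA rather than the one you expect, an interception proxy of the kind described in the answer is terminating TLS and can read the request. The hostname and the expected issuer names are command-line inputs, not values from the page.

```python
"""Inspect a live TLS connection: negotiated protocol, cipher, and cert issuer.

Added example; uses only the standard library. The pure helpers below parse
the nested-tuple names returned by ssl.SSLSocket.getpeercert(); inspect_tls()
does the actual network handshake against a host you supply.
"""
import socket
import ssl
import sys


def flatten_name(rdns):
    """Convert a getpeercert() name into a flat {attribute: value} dict.

    getpeercert() encodes subject/issuer as a tuple of RDNs, each RDN being a
    tuple of (attribute, value) pairs, for example:
    ((('countryName', 'US'),), (('commonName', 'example.test'),))
    """
    return {attr: value for rdn in rdns for attr, value in rdn}


def summarize_peer(cert, expected_issuer_cns):
    """Return (issuer_cn, subject_cn, issuer_is_expected) for a peer cert dict."""
    issuer_cn = flatten_name(cert.get("issuer", ())).get("commonName", "")
    subject_cn = flatten_name(cert.get("subject", ())).get("commonName", "")
    return issuer_cn, subject_cn, issuer_cn in expected_issuer_cns


def inspect_tls(host, port=443, expected_issuer_cns=()):
    """Handshake with host and report what the wire actually carries."""
    ctx = ssl.create_default_context()  # verifies against the OS trust store
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer_cn, subject_cn, ok = summarize_peer(
                    tls.getpeercert(), expected_issuer_cns)
                return {"protocol": tls.version(), "cipher": tls.cipher()[0],
                        "subject_cn": subject_cn, "issuer_cn": issuer_cn,
                        "issuer_expected": ok}
    except ssl.SSLCertVerificationError as exc:
        # A proxy CA that the OS does not trust fails here: also a signal
        # that something between you and the server is re-signing certs.
        return {"error": f"certificate verification failed: {exc.verify_message}"}


if __name__ == "__main__":
    # usage: python inspect_tls.py HOST [EXPECTED_ISSUER_CN ...]
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    for key, value in inspect_tls(target, expected_issuer_cns=sys.argv[2:]).items():
        print(f"{key}: {value}")
```

Run it once on a trusted network to learn the real issuer CN for a site, then pass that CN as the expected issuer when testing from the corporate network; a different issuer means the proxy is decrypting the traffic.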