Skip to content

Payload Playground

Tools Cheat Sheets CLI

⌘K

Playground Collections Practice Labs Methodology Map

SQL Injection NoSQL Injection GraphQL Injection XPath Injection LDAP Injection

XSS Payload SSRF File Upload Template Injection (SSTI)Prototype Pollution Open Redirect CORS Misconfiguration CSRF WAF Bypass Race Condition

Reverse Shell Command Injection Local File Inclusion Cloud Attacks

JWT Payloads IDOR

CRLF Injection HTTP Request Smuggling

XML External Entity (XXE)Insecure Deserialization

Home
Generators
HTTP Request Smuggling

$loading...

Payload Playground

The one-stop shop for penetration testers. Generate payloads, decode tokens, analyze headers, and streamline your security testing workflow — all from your browser.

100% client-side processing

Tools

All Tools
Generators
Encoder / Decoder
JWT Decoder
Encoding Pipeline
Hash Generator

Resources

Blog
Documentation
Testing Guides
Cheatsheets
Glossary
Changelog
CTF Toolkit
Methodology Map

Features

Pentest in a Box
Report Templates
Embeddable Widgets
Playground
Collections
Labs
Alternatives
CLI Tool

Built with passion for the security community

No data leaves your browser.

© 2026 Payload Playground. All rights reserved.

HTTP Request Smuggling Payload Generator

Protocol

Generate HTTP request smuggling payloads for CL.TE, TE.CL, and HTTP/2 downgrade attacks.

Related Generators

View all Protocol

CRLF Injection

Generate CRLF injection payloads for header injection and response splitting.

Reverse Shell

Generate reverse shell one-liners for various languages and OS targets.

XSS Payload

Craft Cross-Site Scripting payloads with encoding and tag options.