SQL Comment Space (/**/)
Replaces spaces with /**/ inline comments. Bypasses space-filtering in SQL injection contexts.
Enter a payload above to see the encoded output…Tool
Encode and obfuscate payloads for defense evasion. URL encoding, HTML entities, Base64, PowerShell -EncodedCommand, shell tricks, SQL bypasses, and more — with restricted character filtering.
Inject / Bypass8 techniques
Replaces spaces with /**/ inline comments. Bypasses space-filtering in SQL injection contexts.
Enter a payload above to see the encoded output…Converts the string to a MySQL/MSSQL hex literal (0xHEX). Bypasses quote filtering in SQL injection.
Enter a payload above to see the encoded output…Appends a %00 null byte. Exploits C-string null termination in file inclusion and extension checks.
Enter a payload above to see the encoded output…Converts ASCII to full-width variants (/→/). Bypasses ASCII-only normalisation filters.
Enter a payload above to see the encoded output…Doubles all forward slashes (/ → //). Bypasses simple path normalisation and blacklist checks.
Enter a payload above to see the encoded output…Inserts /./ between path segments. Equivalent path; evades literal-match path traversal filters.
Enter a payload above to see the encoded output…Encodes each ASCII byte as a 2-byte overlong UTF-8 sequence (e.g. / → %C0%AF). Classic WAF bypass.
Enter a payload above to see the encoded output…Appends %0D%0A (CRLF) to the input. Used to inject HTTP response headers in response-splitting attacks.
Enter a payload above to see the encoded output…