URL Encoder/Decoder

Encode and decode URLs for CTF challenges, bypass filters, and test web applications

Input Text/URL Enter text or URL to encode

Encode URL Components Only Double Encode (bypass filters)

Encoded Output

Encoded URL Enter encoded URL to decode

Recursive Decode (decode multiple times)

Decoded Output

Common Use Cases

Double-encode URLs to bypass WAF filters and input validation in CTF challenges

alert(1) → %25616c%2565%2572%2574%25281%2529

Properly encode special characters in URL query strings for web exploitation

?q=test&name → ?q=test%26name

Encode directory traversal sequences to bypass path sanitization

../../etc/passwd → ..%2F..%2Fetc%2Fpasswd

Encode internal URLs and IP addresses for Server-Side Request Forgery attacks

http://localhost → http%3A%2F%2Flocalhost

URL Encoding: Replaces unsafe ASCII characters with % followed by two hexadecimal digits
Double Encoding: Encode twice to bypass filters that only decode once (WAF bypass technique)
Component Encoding: Only encodes query parameters and path components, preserves URL structure
Common Chars: Space→%20, &→%26, =→%3D, /→%2F, ?→%3F, #→%23