Listen to this Post
To quickly URL encode (e.g., https://` →https%3a%2f%2f`) even complex URLs, use the following Bash function:
Download the Script:
curl -o urlencode.sh -Lv "https://hackertips.today/cmd/urlencode.sh"
Load and Use the Function:
Source the script or paste the function directly source urlencode.sh Encode a URL urlencode "https://example.com/path?id=1"
Successful Output:
[/bash]
https%3a%2f%2fexample%2ecom%2fpath%3fid%3d1
What This Does - Converts all non-<code>[A-Za-z0-9]</code> characters to their URL-encoded equivalents. - `:` → `%3a` - `/` → `%2f` - `.` → `%2e` - Preserves letters and numbers, which typically don’t require encoding in payloads (e.g., for Burp Suite or other security tools). You Should Know: <ol> <li>Manual URL Encoding with `xxd` and `sed` [bash] echo -n "https://example.com" | xxd -p | sed 's/../%&/g'
2. Using `curl` with `–data-urlencode`
curl -G "https://api.example.com" --data-urlencode "param=value with space"
3. Python One-Liner for URL Encoding
python3 -c 'import urllib.parse; print(urllib.parse.quote(input("String: ")))'
4. Decoding URLs in Bash
urldecode() { : "${//+/ }"; echo -e "${_//%/\x}"; }
urldecode "https%3a%2f%2fexample.com"
5. Encoding for SQLi/XSS Payloads
urlencode "'); DROP TABLE users;--"
Output:
[/bash]
%27%29%3b%20DROP%20TABLE%20users%3b–
<ol> <li>Windows Equivalent (PowerShell) [bash]
7. URL Encoding in Burp Suite
- Use Ctrl+U in Burp’s Repeater to auto-encode selected text.
8. Obfuscating Malicious URLs
urlencode "javascript:alert(1)"
Output:
[/bash]
javascript%3aalert%281%29
What Undercode Say URL encoding is essential for web security testing, API interactions, and payload crafting. Below are critical commands for penetration testers: <ul> <li>Extract URLs from Logs ```bash grep -oP 'http[bash]?://[^"]+' /var/log/nginx/access.log | sort -u
Encode All Special Chars
echo "admin' OR 1=1--" | perl -MURI::Escape -ne 'print uri_escape($_)'
Decode Burp Captured Traffic
echo "%7B%22user%22%3A%22admin%22%7D" | jq -r '@uri'
Windows CMD Encoding
powershell -command "<a href=":UrlEncode("https://example.com")">System.Web.HttpUtility</a>::UrlEncode('payload')"
Automate Encoding in Scripts
!/bin/bash
encoded=$(urlencode "$1")
curl -X GET "https://target.com/search?q=${encoded}"
Validate Encoded Strings
curl -s "https://example.com/search?q=$(urlencode "admin'--")" | grep "SQL error"
Expected Output:
A properly encoded URL or payload, ready for use in web exploits, API testing, or debugging.
Reference:
References:
Reported By: Activity 7319933365229412353 – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
