Payloadify logoPayloadify

XSS Payload Generator

Generate an XSS payload using common WAF-bypass and encoding techniques, from basic tag injection to advanced obfuscation. Pick a level, a context, and what the payload should do.

Use only on systems you own or are explicitly authorized to test.

Picking a specific injection type or obfuscation below switches this to Custom automatically.

The generator picks the quote style and encoding that avoids these characters where possible.

The classic proof-of-concept — a visible popup confirms JavaScript executed in the page's context.

Pick your options above, then click Generate payload.