Shazzer logo
Login

Host

Chrome logo 1
Firefox logo 1
Edge logo 1

Testing

IDKdir
Created byIDKdir
Created Jul 15, 2024
Updated May 27, 2025

Tweet
Detecting browser...
CategoryURL Handling
VisibilityPublic
TypeJS
CharsetUTF-8
Template used:
if (new URL('https://www.example.com/$[chr]evil.com').host=='evil.com') {0x0D
    log('"https://www.example.com/$[chr]evil.com" -> "evil.com"')0x0D
}0x0D
0x0D
if (new URL('https://www.example.com$[chr]evil.com').host=='evil.com') {0x0D
    log('"https://www.example.com$[chr]evil.com" -> "evil.com"')0x0D
}

Sample payloads

if (new URL('https://www.example.com/0x00evil.com').host=='evil.com') {0x0D
    alert('"https://www.example.com/0x00evil.com" -> "evil.com"')0x0D
}0x0D
0x0D
if (new URL('https://www.example.com0x00evil.com').host=='evil.com') {0x0D
    alert('"https://www.example.com0x00evil.com" -> "evil.com"')0x0D
}

Fuzz results

Chrome logo
Chrome 145.0.0.0 desktop Windows NT 10.0
Updated17 Feb 2026
Found 1 result
Loading...
Firefox logo
Firefox 147.0 desktop Linux
Updated1 Feb 2026
Found 1 result
Loading...
Edge logo
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated31 Jan 2026
Found 1 result
Loading...

Distributed Fuzzing

Enabled:
Status:disconnected
Your browser automatically contributes to distributed fuzzing when idle.