Everything is from portswigger
Burp Suite delimiter list: https://portswigger.net/web-security/web-cache-deception/wcd-lab-delimiter-listarrow-up-right
In case of decoding discrepenacies:
for delimeter
Make sure that you also test encoded non-printable characters, particularly %00, %0A and %09. If these characters are decoded they can also truncate the URL path.
%00
%0A
%09
for path
/static/..%2fprofile
Last updated 9 months ago