> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-3/obfuscation/trick-0318.md).

# Decode Encoded String From Source

***

Check the source code of web pages for strings that look encoded (e.g., unusual characters, sequences resembling Base64). These might hide paths, clues, or other sensitive information designed to be overlooked during casual browsing.

If an encoded string is found, copy it and use a decoding tool like Cyberchef, `base64 -d`, or similar tools appropriate for the suspected encoding type (commonly Base64, URL encoding, or simple XOR). CyberChef is a tool widely used for data decoding and deobfuscation, capable of handling operations such as From Base64 and XOR. This process reveals the hidden content. For instance, an encoded string might decode to a hidden path like `/teaRoom/`.
