This happens when a user visits a page on one site that performs an action on a different site. For instance, say a user clicks a link to a website created by an attacker. On that website is an HTML tag such as <img src="https://vulnerable-website.com/email/[email protected]">, which would change the account email on the vulnerable website to "[email protected]". CSRF works because it is the victim's browser making the request, not the attacker's site, so all the vulnerable site sees is a normal logged-in user making a normal request.
As you can imagine, this can lead to things like password resets and exposure of sensitive information.
Example
It seems simple enough. As the user Bob, I can send funds to either Bob or Alice using any of the available balance in my account. Let's take a closer look at the request in Burp.
This is looking good: parameters we can customize and a session cookie that the browser sends automatically. Everything seems vulnerable to CSRF. Let's try to make a page that triggers it. Putting <img src="http://localhost:3000/transfer?to=alice&amount=100"> into an HTML file and hosting it with SimpleHTTPServer should change Alice's balance by 100. Let's see if it does!
We can automate this check using xsrfprobe, which can be installed via pip3 with pip3 install xsrfprobe. The syntax for the command is xsrfprobe -u <url>/<endpoint>
This checks whether the site is vulnerable to CSRF.
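To make concrete why the transfer request above is forgeable and what stops it, here is an added Python example (not the lab application or the author's code). It models the /transfer endpoint twice: the vulnerable GET that trusts the session cookie alone, and a hardened version that requires POST, checks the Origin/Referer header against the bank's own origin, and verifies a session-bound synchronizer token. The session id, server secret, attacker hostname and request objects are constructed for this example; the SameSite helper states the browser's cookie rule so the limits of that defence are visible too.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict
from urllib.parse import urlsplit

# Constructed fixtures: one logged-in session for bob, a server secret,
# and the origin the bank app is served from (the write-up's localhost:3000).
SERVER_SECRET = b"constructed-server-secret-do-not-reuse"
SESSIONS: Dict[str, str] = {"sess-bob-123": "bob"}   # session id -> user
BANK_ORIGIN = "http://localhost:3000"


@dataclass
class Request:
    """Hypothetical minimal HTTP request: just the parts the checks need."""
    method: str
    params: Dict[str, str] = field(default_factory=dict)   # query string
    form: Dict[str, str] = field(default_factory=dict)     # POST body
    cookies: Dict[str, str] = field(default_factory=dict)
    headers: Dict[str, str] = field(default_factory=dict)


def csrf_token_for(session_id: str) -> str:
    """Synchronizer token = HMAC(secret, session id): bound to the session and
    unreadable from another origin, so an attacker's page cannot supply it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(url: str) -> bool:
    """Compare scheme://host[:port] of an Origin or Referer value to our origin."""
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}" == BANK_ORIGIN


def _move_funds(balances: Dict[str, int], user: str, to: str, amount_str: str) -> str:
    try:
        amount = int(amount_str)
    except ValueError:
        return "400 bad request"
    if to not in balances or amount <= 0:
        return "400 bad request"
    if balances[user] < amount:
        return "402 insufficient funds"
    balances[user] -= amount
    balances[to] += amount
    return "200 ok"


def vulnerable_transfer(req: Request, balances: Dict[str, int]) -> str:
    """The write-up's endpoint shape: a GET that trusts the session cookie alone.
    The browser attaches the cookie whoever triggered the request."""
    user = SESSIONS.get(req.cookies.get("session", ""))
    if user is None:
        return "401 not logged in"
    return _move_funds(balances, user, req.params.get("to", ""), req.params.get("amount", "0"))


def hardened_transfer(req: Request, balances: Dict[str, int]) -> str:
    """Same action with three independent CSRF defences layered on."""
    sid = req.cookies.get("session", "")
    user = SESSIONS.get(sid)
    if user is None:
        return "401 not logged in"
    # 1. State changes only over POST: an <img src=...> tag can only issue a GET.
    if req.method != "POST":
        return "405 method not allowed"
    # 2. Browsers set Origin on cross-site POSTs (and Referer on most requests);
    #    a page on another origin cannot forge either header.
    if not same_origin(req.headers.get("Origin") or req.headers.get("Referer", "")):
        return "403 cross-site request rejected"
    # 3. The form must carry the session-bound token; compare in constant time.
    supplied = req.form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, csrf_token_for(sid).encode()):
        return "403 missing or invalid csrf token"
    return _move_funds(balances, user, req.form.get("to", ""), req.form.get("amount", "0"))


def cookie_sent_cross_site(samesite: str, method: str, top_level_navigation: bool) -> bool:
    """Browser rule for whether a cookie rides along on a cross-site request.
    Lax still sends it on top-level GET navigations, so it stops <img> and
    cross-site form POSTs but is not a complete defence on its own."""
    samesite = samesite.lower()
    if samesite == "none":
        return True
    if samesite == "strict":
        return False
    return method == "GET" and top_level_navigation   # Lax


def forged_img_request() -> Request:
    """What the browser sends for the attacker page's <img> tag: a GET with
    bob's cookie attached automatically and Referer pointing at the attacker."""
    return Request(method="GET", params={"to": "alice", "amount": "100"},
                   cookies={"session": "sess-bob-123"},
                   headers={"Referer": "http://attacker.example/"})   # constructed host


def legitimate_request() -> Request:
    """A transfer submitted from the bank's own form, token included."""
    return Request(method="POST",
                   form={"to": "alice", "amount": "100", "csrf_token": csrf_token_for("sess-bob-123")},
                   cookies={"session": "sess-bob-123"}, headers={"Origin": BANK_ORIGIN})


if __name__ == "__main__":
    b = {"bob": 1000, "alice": 0}
    print("vulnerable, forged :", vulnerable_transfer(forged_img_request(), b), b)
    b = {"bob": 1000, "alice": 0}
    print("hardened, forged   :", hardened_transfer(forged_img_request(), b), b)
    print("hardened, genuine  :", hardened_transfer(legitimate_request(), b), b)
```

Running it shows the vulnerable endpoint moving 100 from bob to alice on the forged image request, while the hardened endpoint rejects it at the method check and only honours the genuine POST. Each of the three checks catches the forged request on its own; keeping all three is deliberate, since the token is the only one that does not rely on the browser sending the expected headers.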