While Cross Site Request Forgery (CSRF) is an attack that is primarily targeted at the end user, it still affects web sites. Some developers try to avoid it by using secret cookies or restricting clients to HTTP POST requests, but this won’t work. The usual defence is to implement unique tokens in web forms. CSRF is often underestimated, because their presence is more common than anticipated.
At DeepSec 2013 Paul Amar introduced his Cross Site Request Forgeries Toolkit (CSRFT). The toolkit helps you to study and prototype CSRF interaction with web servers. Paul’s talk was one of the U21 submissions accepted at DeepSec 2013.