
CSRF Testing Tool

Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into loading a page that contains a malicious request. The request is malicious in the sense that it inherits the identity and privileges of the victim to perform an undesired action on the victim's behalf, such as changing the victim's e-mail address, home address, or password, or purchasing something.

Unfortunately, not many automated web-application testing tools are effective at identifying CSRF vulnerabilities. A new "tool" for creating proof-of-concept CSRF attacks, called Pinata, was released recently. It is written in Python and designed to take an HTTP request for the vulnerable web page and turn it into an HTML file containing the CSRF attack. It works for both GET and POST requests and can be helpful during testing.
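As an added example (not Pinata's code and not part of the original post), the server-side check that such a proof-of-concept page is meant to exercise: a Python handler fragment that binds a synchronizer token to the session and validates the Origin or Referer header. The origin list, field name and session layout are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Assumed site origin(s); a real deployment reads these from configuration.
ALLOWED_ORIGINS = {"https://app.example"}


def issue_token(session):
    """Store a per-session synchronizer token and return it for embedding in forms."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def _same_site(origin):
    # Compare against the exact origin or origin + "/" so that a lookalike such
    # as https://app.example.evil does not pass a naive prefix check.
    return any(origin == o or origin.startswith(o + "/") for o in ALLOWED_ORIGINS)


def reject_reason(method, headers, body, session):
    """Return why a state-changing request must be rejected, or None if it is acceptable.

    A request forged from a captured one replays the victim's cookie (the session)
    but cannot read the session-bound token or control the browser-set Origin header.
    """
    if method.upper() not in ("POST", "PUT", "PATCH", "DELETE"):
        return None  # safe methods must not change state, so nothing to validate
    origin = headers.get("Origin") or headers.get("Referer")
    if origin is None or not _same_site(origin):
        return "origin-mismatch"
    sent = parse_qs(body).get("csrf_token", [""])[0]
    expected = session.get("csrf_token", "")
    if not expected or not hmac.compare_digest(sent, expected):
        return "token-mismatch"
    return None


def demo():
    """Constructed sample: a legitimate form post next to a cross-site replay of it."""
    session = {}
    token = issue_token(session)
    legit = reject_reason("POST", {"Origin": "https://app.example"},
                          f"email=new%40example&csrf_token={token}", session)
    forged = reject_reason("POST", {"Referer": "https://attacker.example/poc.html"},
                           "email=new%40example", session)
    return legit, forged
```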