This page demonstrates how Cross-Site Request Forgery (CSRF) attacks work. Use only in controlled educational environments to understand and test CSRF vulnerabilities.
Testing Instructions
Choose a target hostname from the workshop (e.g., neo, elliot, flynn)
Generate an attack URL using the form above
In another browser tab, log into the target's csrf.php page
Execute the attack using one of the generated methods
Check if the attack payload appears in the target's database
Try the same attack against csrfsafe.php to see how protection works