Do I need Burp Suite to use this skill?

While Burp Suite is highly recommended for its built-in PoC generator, the skill also provides manual workflows using curl and custom HTML/JavaScript payloads.

Can this skill test JSON-based APIs?

Yes, it includes specific workflows for testing JSON APIs using techniques like content-type manipulation and the Fetch API to bypass standard protections.

Is this skill legal for any website?

No, this skill is intended for ethical hacking and must only be used on systems you own or have explicit written permission to test.

What is a CSRF attack simulation?

It is an authorized security test that attempts to trick a user's browser into performing unwanted actions on a web application where they are currently authenticated.

CSRF Attack Simulation & Testing

Name: CSRF Attack Simulation & Testing
Author: micsapp

bymicsapp

0•

Seguridad y Pruebas

Simulates Cross-Site Request Forgery (CSRF) attacks to identify and validate web application vulnerabilities during authorized security assessments.

This skill provides a comprehensive framework for security professionals to test web applications for CSRF vulnerabilities. It guides users through identifying state-changing requests, auditing anti-CSRF token implementations, and bypassing common defenses like SameSite cookie attributes. By providing specific workflows for tools like Burp Suite and custom HTML/JavaScript payloads, it enables rigorous validation of session management security and ensures that sensitive actions—such as email changes or fund transfers—are properly protected against unauthorized cross-site execution.

Características Principales

010 GitHub stars

02Identification of state-changing POST, PUT, and DELETE requests

03Support for advanced JSON API and GET-based CSRF bypass techniques

04Systematic testing of anti-CSRF token enforcement and validation

05Browser-level security analysis including SameSite, Origin, and Referer headers

06Generation of automated and manual CSRF Proof-of-Concept (PoC) payloads

Casos de Uso

01Validating the effectiveness of security implementations like SameSite cookie attributes

02Conducting authorized penetration tests to identify account takeover vectors

03Auditing custom authentication and session management systems for logic flaws

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills performing-csrf-attack-simulation

For use in Claude.ai and ChatGPT

Características Principales

010 GitHub stars

02Identification of state-changing POST, PUT, and DELETE requests

03Support for advanced JSON API and GET-based CSRF bypass techniques

04Systematic testing of anti-CSRF token enforcement and validation

05Browser-level security analysis including SameSite, Origin, and Referer headers

06Generation of automated and manual CSRF Proof-of-Concept (PoC) payloads

Casos de Uso

01Validating the effectiveness of security implementations like SameSite cookie attributes

02Conducting authorized penetration tests to identify account takeover vectors

03Auditing custom authentication and session management systems for logic flaws

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills performing-csrf-attack-simulation

For use in Claude.ai and ChatGPT