Portswigger CSRF Labs
Portswigger Academy CSRF Labs



Cross-site request forgery (CSRF) is a client-side technique used to attack other users of a web application.


Cross-site request forgery is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.

Using CSRF, attackers can send HTTP requests that pretend to come from the victim, carrying out unwanted actions on a victim’s behalf. For example, an attacker could change a password or transfer money from a bank account without permission. If the victim is an administrative account, CSRF can compromise the entire web application.