A CSRF attack is one that makes authenticated users perform unwanted actions in the web application they are authenticated with. This is done through an external site that the user visits, and that triggers these actions.

In this recipe, we will obtain the required information from the application in order to know what the attacking site should do to send valid requests to the vulnerable server, and then we will create a page that simulates the legitimate requests and tricks the user into visiting that page while authenticated. We will also make a few iterations on the basic proof of concept to make it look more like a real-world attack, where the victim doesn't notice it.