Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF) is a common attack against web applications and typically succeeds because of weak session management: the browser attaches the victim's session cookie to every request it makes to the application, whether or not the victim intended that request. In a CSRF attack, the attacker sends a specially crafted link to the victim. When the victim clicks the link, it triggers a malicious action in the vulnerable application under the victim's authenticated session. Anti-CSRF tokens and CAPTCHAs are among the common defenses against CSRF. OWASP provides a dedicated tool for testing whether an application is vulnerable to CSRF; it can be found at https://www.owasp.org/index.php/File:CSRFTester-1.0.zip.
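To make the anti-CSRF defense mentioned above concrete, the following is an added example (not code from the book or from the OWASP tool) of the synchronizer token pattern: the server mints a random per-session token, embeds it in the forms it serves, and rejects any state-changing POST whose token does not match. The `SESSIONS` store, the `Request` class, the handler names and the `/transfer` endpoint are all constructed for this illustration and do not correspond to any real framework's API.

```python
import hmac
import re
import secrets
from dataclasses import dataclass

# Constructed in-memory session store (session id -> session data).
# Hypothetical names for illustration; not the API of any real framework.
SESSIONS: dict[str, dict] = {}


def create_session(user: str) -> str:
    """Log a user in: mint a session id and a per-session anti-CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def render_transfer_form(session_id: str) -> str:
    """Synchronizer token pattern: embed the session's token in the form the
    application itself serves, so only pages from this origin know it."""
    token = SESSIONS[session_id]["csrf_token"]
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="amount"><input name="to"></form>'
    )


@dataclass
class Request:
    cookies: dict  # the browser attaches these to any request to the site
    form: dict     # POST body fields


def handle_transfer_vulnerable(req: Request) -> tuple[int, str]:
    """Relies on the session cookie alone: a state-changing request the browser
    makes on someone else's behalf looks identical to a legitimate one."""
    session = SESSIONS.get(req.cookies.get("session", ""))
    if session is None:
        return 401, "not logged in"
    return 200, f"{session['user']} transferred {req.form['amount']} to {req.form['to']}"


def handle_transfer_protected(req: Request) -> tuple[int, str]:
    """Same handler with the anti-CSRF token check added."""
    session = SESSIONS.get(req.cookies.get("session", ""))
    if session is None:
        return 401, "not logged in"
    supplied = req.form.get("csrf_token", "")
    # Constant-time comparison on bytes (compare_digest rejects non-ASCII str);
    # a missing or wrong token compares unequal and the request is refused.
    if not hmac.compare_digest(session["csrf_token"].encode(), supplied.encode()):
        return 403, "CSRF token missing or invalid"
    return 200, f"{session['user']} transferred {req.form['amount']} to {req.form['to']}"


def demo() -> dict[str, int]:
    """Replay the two request shapes against both handlers; return status codes."""
    sid = create_session("alice")

    # Legitimate request: the form served by the site carries the token.
    html = render_transfer_form(sid)
    token = re.search(r'name="csrf_token" value="([^"]+)"', html).group(1)
    legitimate = Request(cookies={"session": sid},
                         form={"csrf_token": token, "amount": "10", "to": "bob"})

    # Cross-site request: the browser still sends the cookie, but a form on
    # another origin cannot read the token, so the field is absent.
    cross_site = Request(cookies={"session": sid},
                         form={"amount": "10000", "to": "mallory"})

    return {
        "vulnerable_legit": handle_transfer_vulnerable(legitimate)[0],
        "vulnerable_cross_site": handle_transfer_vulnerable(cross_site)[0],
        "protected_legit": handle_transfer_protected(legitimate)[0],
        "protected_cross_site": handle_transfer_protected(cross_site)[0],
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the vulnerable handler accepting both requests, while the protected handler accepts only the one carrying the token served with the form. The token is compared with `hmac.compare_digest` rather than `==` so that the check does not leak timing information, and it is stored server-side per session rather than derived from the cookie alone, which is what makes it unknowable to a page on another origin.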

The OWASP CSRF tester captures application requests and then generates a CSRF proof of concept as shown in the following image:
