csrf-cross-site-request-forgery
SKILL: CSRF — Cross-Site Request Forgery — Expert Attack Playbook
AI LOAD INSTRUCTION: Expert CSRF techniques. Covers modern bypass vectors (SameSite gaps, custom header flaws, tokenless bypass patterns), JSON CSRF, multipart CSRF, chaining with XSS. Base models often present only basic CSRF without covering SameSite edge cases and common broken token implementations.
0. RELATED ROUTING
Also load:
- cors cross origin misconfiguration when JSON endpoints become readable cross-origin
- oauth oidc misconfiguration when login, account linking, or callback binding relies on OAuth state
1. CORE CONCEPT
CSRF exploits a victim's active session to perform state-changing requests from the attacker's origin.