Manual

Target URL and Method

Use the first input field to enter the target URL where the CSRF vulnerability might exist. Select the appropriate HTTP method (GET, POST, PUT, or DELETE) from the dropdown below the URL field.

Parameters

The Parameters section allows you to define the data that will be sent with the request.

• Click the Add Param button to add a new parameter row.
• Each row has two input fields: Name and Value. Enter the parameter name and its corresponding value.
• You can add multiple parameters as needed.
• To remove a parameter, click the red × button next to the parameter row.

HTML Payload

As you input the Target URL, Method, and Parameters, the application automatically generates the corresponding HTML payload in the HTML Payload text area. This is the HTML form code that can be used to perform the CSRF attack.

You can manually edit the generated HTML if needed, and the application will attempt to parse it back to update the URL, Method, and Parameters fields.

Testing the Payload

Once your payload is ready, you can test it directly from the application:

• Click the Test Payload button.
• The application will send a request to the Target URL with the defined Method and Parameters.
• The Test Results section will display the response status code, the response body, and the response headers, allowing you to analyze the outcome of the request.