Summary
Loads expert CSRF attack patterns with a focus on modern bypass techniques that base models typically miss. Covers the full range from basic token validation flaws (token not validated server-side being the most common) to SameSite cookie edge cases, JSON CSRF via content-type tricks, and OAuth state parameter attacks. Especially strong on the double-submit cookie pattern vulnerabilities and the two-minute Lax cookie exemption in Chrome. Includes ready-to-use HTML proof-of-concept templates for different attack vectors. Best deployed when auditing state-changing endpoints like password resets, email changes, or admin role assignments where you need to systematically check token implementation and cookie behavior rather than just surface-level CSRF presence.
Install to Claude Code
npx -y skills add yaklang/hack-skills --skill csrf-cross-site-request-forgery --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
