Chapter 96 · Intermediate
CSRF Explained: How a Random Site Can Act as You — and How to Stop It
The core
CSRF rides your login without stealing it.
The attacker never sees your password or session. They just get your browser to fire a request at a site you're logged into — and the browser attaches your cookies automatically.
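
The mechanism above, seen from the server's side, as an added example that is not code from the original page: a handler that trusts the session cookie alone cannot tell a cross-site request from a genuine one, while a handler that also checks the `Origin` header and a per-session token can. The session store, the two origins, the `x-csrf-token` header name and the handler names are assumptions made for illustration.

```javascript
// Constructed server-side state: session id -> user and per-session CSRF token.
const SESSIONS = new Map([
  ["sess-abc", { user: "alice", csrfToken: "tok-7f3e9a" }],
]);
const TRUSTED_ORIGIN = "https://bank.example"; // assumed origin of the real site

// Compare two strings without stopping at the first differing character.
function sameToken(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Cookie-only check: any request that carries a valid session cookie is accepted.
function handleCookieOnly(req) {
  const session = SESSIONS.get(req.cookies.sid);
  if (!session) return { status: 401 };
  return { status: 200, actedAs: session.user };
}

// Hardened check: a state-changing request must also show it came from our own pages.
function handleWithCsrfCheck(req) {
  const session = SESSIONS.get(req.cookies.sid);
  if (!session) return { status: 401 };
  if (req.method !== "GET" && req.method !== "HEAD") {
    if (req.headers.origin !== TRUSTED_ORIGIN) return { status: 403, reason: "origin" };
    if (!sameToken(req.headers["x-csrf-token"], session.csrfToken))
      return { status: 403, reason: "token" };
  }
  return { status: 200, actedAs: session.user };
}

// Constructed requests. The browser attaches the same cookie to both.
const crossSite = {
  method: "POST",
  cookies: { sid: "sess-abc" },
  headers: { origin: "https://other.example" }, // page the user happened to visit
};
const sameSite = {
  method: "POST",
  cookies: { sid: "sess-abc" },
  headers: { origin: TRUSTED_ORIGIN, "x-csrf-token": "tok-7f3e9a" },
};

console.log(handleCookieOnly(crossSite));    // accepted as alice
console.log(handleWithCsrfCheck(crossSite)); // rejected on origin
console.log(handleWithCsrfCheck(sameSite));  // accepted as alice
```

The token check matters even when the origin matches: a request from the trusted origin that lacks the token is still refused.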