This is a lightweight app that allows you to mimic CSRF attacks to check your own web applications for vulnerabilities. Simply set up your request configuration in a config.json file, and when you visit the app in your browser you can choose to execute those requests at will. The app runs on the default Sinatra port (4567).

NOTE: Obviously, this tool should only be used on applications you own or are explicitly allowed to test. Anything else would be illegal, and I accept absolutely no responsibility for your use of this application.

If you don't have bundler, install with your favorite package manager, e.g.: brew install bundler

Clone repo: git clone https://github.com/rufusraghunath/csrfun.git

Inside repo: bundle install

Change the config.json file to whatever you want. You can put as many URLs as you want, and register multiple HTTP/HTTPS requests per URL.

From the repo root: ruby csrfun_app.rb

In the browser, visit localhost:4567.