Cross-Site Request Forgery (CSRF)
What is CSRF?
CSRF (Cross-Site Request Forgery) is an attack that tricks a user into performing unwanted actions on a web application where they’re already authenticated.
How does it work?
You’re logged into a site (e.g., your bank).
A malicious website tricks your browser into making a request to that site (e.g., transfer money).
Since you’re already logged in, the browser includes your session cookie automatically.
The request is processed as if it came from you—without your knowledge.
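The steps above, modelled on the server side as an added example that is not part of the original page: a handler that trusts the session cookie alone, next to one that also checks the Origin header and a per-session CSRF token (a common mitigation, assumed here). The origin `https://bank.example`, the session store, the handler names and the sample requests are all constructed for illustration.

```python
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"  # hypothetical site origin

# Constructed server-side session store: session id -> user and per-session CSRF token.
SESSIONS = {"sid-alice": {"user": "alice", "csrf_token": secrets.token_urlsafe(32)}}


def session_for(request):
    """Look up the session from the cookie the browser attaches automatically."""
    return SESSIONS.get(request["cookies"].get("session"))


def transfer_cookie_only(request):
    """Weak handler: a valid session cookie is the only thing it checks."""
    session = session_for(request)
    if session is None:
        return 401, "not logged in"
    return 200, f"transfer made as {session['user']}"


def transfer_checked(request):
    """Hardened handler: also requires a same-site Origin and the session's CSRF token."""
    session = session_for(request)
    if session is None:
        return 401, "not logged in"
    if request["headers"].get("Origin") != SITE_ORIGIN:
        return 403, "cross-site origin"
    sent = request["form"].get("csrf_token", "")
    # Constant-time comparison on bytes avoids leaking the token through timing.
    if not hmac.compare_digest(sent.encode(), session["csrf_token"].encode()):
        return 403, "bad CSRF token"
    return 200, f"transfer made as {session['user']}"


def sample_requests():
    """Constructed requests: one from the site's own form, one triggered by another site."""
    cookie = {"session": "sid-alice"}  # sent by the browser in both cases
    form = {"to": "bob", "amount": "10"}
    own = {"cookies": cookie, "headers": {"Origin": SITE_ORIGIN},
           "form": {**form, "csrf_token": SESSIONS["sid-alice"]["csrf_token"]}}
    cross = {"cookies": cookie, "headers": {"Origin": "https://other.example"}, "form": form}
    return own, cross


if __name__ == "__main__":
    for name, req in zip(("own form", "cross-site"), sample_requests()):
        print(name, transfer_cookie_only(req), transfer_checked(req))
```

The cookie-only handler accepts both requests because the cookie is identical in each; the checked handler rejects the cross-site one because the other site cannot set the expected Origin or read the session's token.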