Cross-Site Request Forgery (CSRF) is covered in CEH v13 Module 12: Hacking Web Applications. It occurs when an attacker tricks a victim’s browser into making unintended, authenticated requests to a web application where the victim is already logged in.
Example:
User logs in to a banking site.
While logged in, the attacker sends the user a crafted link that submits a transaction via a hidden request.
Since the user’s session cookies are valid, the bank processes the request.
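The bank scenario above, seen from the server side, as an added example that is not part of the original explanation: a handler that trusts the session cookie alone accepts the forged request, while one that also requires a per-session CSRF token rejects it. The handler names, the in-memory session store and the dict-shaped requests are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session cookie value -> session state.
SESSIONS = {}

def login(user):
    """Create a session and a per-session CSRF token (synchronizer token)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def transfer_cookie_only(request):
    """Weak handler: a valid session cookie is the only thing checked."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401
    return 200  # the transfer would be processed here

def transfer_with_token(request):
    """Hardened handler: also requires the session's CSRF token in the form body."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401
    supplied = request["form"].get("csrf_token", "")
    # Constant-time comparison. The token is never stored in a cookie,
    # so the browser does not attach it automatically.
    if not hmac.compare_digest(supplied.encode(), session["csrf"].encode()):
        return 403
    return 200

def demo():
    sid = login("alice")
    cookies = {"session": sid}  # sent by the browser with every request to the bank
    form = {"to": "12345", "amount": "100"}  # constructed sample values
    # Request submitted from the bank's own page, which embeds the token.
    same_site = {"cookies": cookies, "form": dict(form, csrf_token=SESSIONS[sid]["csrf"])}
    # Request triggered from another origin: cookie present, token unknown.
    cross_site = {"cookies": cookies, "form": dict(form)}
    return {
        "weak_cross_site": transfer_cookie_only(cross_site),
        "hardened_cross_site": transfer_with_token(cross_site),
        "hardened_same_site": transfer_with_token(same_site),
    }

if __name__ == "__main__":
    print(demo())
```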
Why Other Options Are Incorrect:
A. Session hijacking: Steals session tokens but doesn’t involve forcing browser actions.
B. SSRF: The server sends a request to an internal service, not via the user’s browser.
D. XSS: Executes scripts in the user’s browser but doesn't force HTTP requests under the user’s identity.
Reference: Module 12 – Application Layer Attacks → CSRF; CEH Labs: CSRF Exploitation Demo with Logged-In Session Tokens