To detect CSRF flaws in an application, it is important to navigate through the entire application, trying to map all the called methods to identify which are important due to the kind of processing it has. We can also do this to find out how they are called, which parameters are sent to the application, if there is any anti-CSRF protection, and if it is one of the vulnerable protections we saw before. Also, if you detect that the protection is currently implemented, try to find an error. Maybe the information you need to exploit the vulnerability is in another application's request.
You can use the Site map tab in Burp Suite, or in another proxy, to detect when a resource is called to other domains:
Also look in the request to check whether information is stored in the cookies. You can find tools in this chapter that can be used to...