Cross-Site Request Forgery (CSRF) attacks deceive the victim's browser into sending a manipulated request to the vulnerable application while the victim is logged in. So, an application should make sure the request is legitimate.

As a CSRF attack is an attack on a logged-in user, we have to send the session cookie with the request. We can use cookielib to remember cookies between sessions:

import mechanize 
 
 
cookies = mechanize.CookieJar() 
 
cookie_opener = mechanize.build_opener(mechanize.HTTPCookieProcessor(cookies)) 
mechanize.install_opener(cookie_opener)  
 
url = "http://www.webscantest.com/crosstraining/aboutyou.php" 
 
 
 
res = mechanize.urlopen(url) 
 
content = res.read()    

To test for CSRF, we have to submit the form from a page other than the actual page. We could also check the form for a CSRF token. If such a token exists in the form, manipulate the values and make sure the form fails...