# Cross-Site Request Forgery (CSRF/XSRF) and Server-Side Request Forgery (SSRF)

CSRF attacks occur when an unauthorised command(s) are transmitted from a user who is trusted by the application. These attacks mostly affect apps or websites which rely on a user's identity. A user's browser could be tricked by an attacker into sending HTTP requests to a target website, for example, a user authenticated by the application via a cookie could unknowingly send a HTTP request to a site that trusts the user, triggering an unwanted action.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://contrxl.gitbook.io/contrxl/hacking/web-application-vulnerabilities/cross-site-request-forgery-csrf-xsrf-and-server-side-request-forgery-ssrf.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.