The poc for verifying csrf vulnerabilities is integrated in the burp suite, and you can use it directly without having to build the form yourself, which is very convenient. Use pikachu's csrf to verify it.
CSRF(get)
After submitting and modifying personal information, intercept the data packet and select the following
As follows, we modify the original mobile phone 111... to 2222, copy the form link constructed by burp, and open it in the same browser (without logging out)
Click on
The data is modified successfully, csrf exists
CSRF(POST)
In the same way, there will be no more demonstration. If the data is modified successfully, there is a loophole
CSRF(Token)
Because of the token
The data is not modified successfully, and there is no csrf vulnerability.
Using this tool, we can test for the existence of csrf vulnerabilities.