This was semester project for Web Security module that I signed up for. As part of this, we developed a scanner that points out all the CSRF injection points in a website. The design of this scanner is modular, with 4 separate stages. First stage crawls all the pages of a website and points out all the plausible injection points, second stage gives all the payloads for each injection point, third stage verifies if a combination of injection point and payload is a valid attack vector and forth stage generates selenium scripts. These selenium scripts show the attack in an automated fashion. Code for the final scanner is available on my github account.