Cross-site Request Forgery (CSRF) is a common class of vulnerabilities often difficult to test. The Scanner has good coverage for these types of issues although it wont exploit them for you. This is where RForge comes in place.
What Does It Do
RForge can take any type of HTTP request and convert it into a self-contained CSRF attack page. It works well with payloads of various formats such as JSON and XML. The tool automatically converts between different types of requests and writes the boilerplate code needed to execute the attack in all major browsers. RForge makes CSRF exploit generation easy and fun.