1- Change single char 2- Sending empty value of token 3- Replace with same length 4- Clickjacking 5- Changing POST/GET method 6- Remove CSRF parameter from request 7- Use another users's valid token 8- CSRF protection by Referer header? Remove the header [ADD in form ] 9- Bypass using subdomain [victim.com.attacker.com] 10- Try to decrypt hash(maybe CSRF toen is hash) 11- Gmail -> Mail send to [email protected] will actually send to [email protected] 12- CSRF tokens leveraging XSS vulnerabilities