This extension automatically handles anti-CSRF tokens, and hides the mechanism from the browser (or other tool) that is using Burp. It tracks the most recent token received in a response, and ensures that each request always contains the latest token.

It also allows Burp to be chained as an upstream proxy from other security scanning tools that are not CSRF-aware.

Requires Java version 7.

Read more: https://github.com/asaafan/CSurfer/