Social networking sites such as Twitter, Facebook and others that rely heavily on user-generated content have been the targets of increasingly sophisticated attacks over the last few months. Two security researchers spent a little less than an hour methodically taking apart the security of these sites, ending with a demonstration of a tool they wrote to implement dynamic cross-site request forgery attacks (CSRF) The tool, called Monkeyfist, gives an attacker the ability to define what data he wants to pull out of a site, what payload to send and which URL to attack.
Source: https://threatpost.com/defcon-csrf-attacks-made-easy-080109/73006/