XSRFProbe v3 is here! It's basically a from-scratch rebuild of the engine with way fewer false positives.
It comes with a whole new suite of checks (token tampering, method/Content-Type overrides, Origin/Referer bypasses, SameSite cookie analysis), each with a clear ID, severity and exploitability notes. There's headless-browser support for SameSite bypasses, tailored auto-validating PoCs, a bounded smarter crawler, and JSON reports.
The wiki has been completely rewritten to match as well. :)