@SeanWrightSec to get to things I couldn't normally access (like your router's login page or stuff over your corporate VPN etc). I used to make legitimate use of CSRF in a password manager - meant I had a link I could click to automatically be logged in. Utility of that is both great & scary