In this project, we offer an approach that uses machine learning (ML) to identify vulnerabilities in online applications. Because web apps are so diverse and sometimes use bespoke programming techniques, they can be especially difficult to analyze. Because machine learning (ML) can leverage manually labeled data to incorporate human understanding of online application semantics into automated analysis tools, it is thus particularly beneficial for web application security. In order to create Mitch, the first machine learning solution for the black-box detection of Cross-Site Request Forgery (CSRF) vulnerabilities, we used our methodology. We were able to find 35 new CSRFs on 20 popular websites and 3 new CSRFs on production software thanks to Mitch.