The JavaScript snippet injected into the web page matched the structure of the original catch statement. Supplying a fake name of canary and ending the statement with a semicolon produced a specially crafted new catch block, which contained the malicious JavaScript payload.
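The structural break described above, seen from the defender's side, as an added example that is not code from the book. The page template, `loadProfile`, `report`, the helper names and the probe value are all hypothetical and constructed for illustration. It reflects a value into an inline catch block unsafely and safely, then checks whether the value changed the number of catch clauses.

```javascript
// Assumed page template (hypothetical): the user-supplied name is reflected
// into a string literal inside an inline catch block, with no encoding.
const renderUnsafe = (name) =>
  `try { loadProfile(); } catch (e) { report("${name}"); }`;

// Hardened form: serialize the value as a JS string literal, then escape the
// characters that could end the <script> element or act as line terminators.
const JS_ESCAPES = { "<": "\\u003c", ">": "\\u003e", "&": "\\u0026",
                     "\u2028": "\\u2028", "\u2029": "\\u2029" };
function encodeForScript(value) {
  return JSON.stringify(String(value))
    .replace(/[<>&\u2028\u2029]/g, (c) => JS_ESCAPES[c]);
}
const renderSafe = (name) =>
  `try { loadProfile(); } catch (e) { report(${encodeForScript(name)}); }`;

// Drop double-quoted string literals (honouring backslash escapes) so that
// only tokens that are real code get counted.
function stripStrings(src) {
  let out = "", inStr = false;
  for (let i = 0; i < src.length; i++) {
    const c = src[i];
    if (inStr) {
      if (c === "\\") i++;                 // skip the escaped character
      else if (c === '"') inStr = false;   // literal ends here
    } else if (c === '"') inStr = true;
    else out += c;
  }
  return out;
}

// Number of catch clauses that exist as code rather than as string content.
function catchBlocks(script) {
  return (stripStrings(script).match(/\bcatch\b/g) || []).length;
}

// True when the reflected value altered the statement structure compared
// with the same template rendered with a plain "canary" value.
function structureChanged(render, value) {
  return catchBlocks(render(value)) !== catchBlocks(render("canary"));
}

// Constructed probe: closes the string and the block, then opens a new,
// empty catch block. It carries no payload.
const probe = 'canary");}try{}catch(x){void("';
console.log("unsafe template changed:", structureChanged(renderUnsafe, probe));
console.log("safe template changed:", structureChanged(renderSafe, probe));
```

The same check can run in a regression test against every template that reflects input into an inline script.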
How it works...