How it works...

The JavaScript snippet injected into the web page matched the structure of the original catch statement. Supplying a fake name of canary and ending the statement with a semicolon closed the original statement, and the specially crafted new catch block that followed contained the malicious JavaScript payload.
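The breakout described above, next to the output encoding that prevents it, as an added example that is not code from the book or from the application under test. The template, the function names and the sample input are assumptions constructed for illustration, and a harmless marker assignment stands in for the payload.

```javascript
// Hypothetical server-side template: a user-supplied name is written into an
// inline script inside a try/catch. `lit` is the text placed where the string goes.
const TEMPLATE = (lit) =>
  `try { var name = ${lit}; seen.push(name); } catch (e) { seen.push("error"); }`;

// Vulnerable form: input is concatenated between double quotes with no encoding,
// so a quote in the input ends the string and the rest is parsed as code.
function renderNaive(value) {
  return TEMPLATE('"' + value + '"');
}

// Hardened form: JSON.stringify produces a valid JS string literal (quotes,
// backslashes and control characters escaped). The extra replace stops
// "</script>" and the U+2028/U+2029 separators from ending the literal or the
// surrounding <script> element.
function renderEncoded(value) {
  const lit = JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
  return TEMPLATE(lit);
}

// Execute a rendered script with its own `seen` array and a probe object, so the
// caller can tell whether the input stayed data or was executed as code.
function run(script) {
  const seen = [];
  const probe = { executed: false };
  new Function("seen", "probe", script)(seen, probe);
  return { seen, executed: probe.executed };
}

// Constructed regression input with the shape the paragraph describes: a fake
// name, a semicolon ending the statement, then a new catch block.
const SAMPLE = 'canary";}catch(e){}probe.executed=true;try{var x="';

console.log("naive:  ", run(renderNaive(SAMPLE)));
console.log("encoded:", run(renderEncoded(SAMPLE)));
```

With the naive renderer the script still parses and the marker is set; with the encoded renderer the whole input arrives as the value of `name` and nothing extra runs.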
