XSS cookie stealer using JavaScript and PHP
cookiestealer.php
to your servercookie.html
to replace YOURWEBSITE.COM
with your server's URL or IP
script
part can be used to attack a vulnerable websitelog.txt
to see the collected cookiesThis code is based on what can be seen here: Write an XSS Cookie Stealer in JavaScript to Steal Passwords
It explains in details what it's doing.