- Upload
cookiestealer.php
to your server - Edit
cookie.html
to replaceYOURWEBSITE.COM
with your server's URL or IP- The
script
part can be used to attack a vulnerable website
- The
- Do some XSS attacks
- Visit
log.txt
to see the collected cookies
This code is based on what can be seen here: Write an XSS Cookie Stealer in JavaScript to Steal Passwords
It explains in details what it's doing.