How to use

1. Upload cookiestealer.php to your server
2. Edit cookie.html to replace YOURWEBSITE.COM with your server's URL or IP
   • The script part can be used to attack a vulnerable website
3. Do some XSS attacks
4. Visit log.txt to see the collected cookies

Source

This code is based on what can be seen here: Write an XSS Cookie Stealer in JavaScript to Steal Passwords

It explains in details what it's doing.