11.6.4
Add the ability to store credentials and any accessible cookies that are obtained from an XSS victim. Some cookies might contain the HttpOnly attribute, making them inaccessible from JavaScript. However, we should capture all cookies that do not have the HttpOnly attribute. The credentials and cookies should be stored in separate tables and will require modifications to the database script as well.