How can OWASP ZAP be used to leverage a cookie stolen through Cross-Site Scripting (XSS)?
1) The web response can be trapped and the SERVER header is replaced with the cookie value.
2) The cookie can be encoded and embedded within a requested URL that is forwarded to the server.
3) The web request can be trapped and the current cookie is modified to use the stolen cookie's value.
4) The cookie can be placed in a request with the 'EXPIRES' value changed to a date in the past.