David Porcello
David Porcello (aka grep8000) is an independent security researcher, consultant, pentester, instructor, course developer, OSCP certificate holder, founder of Pwnie Express, and creator of the award-winning Pwn Plug and other penetration testing devices featured in Wired, Ars Technica, PC Magazine, Forbes, and Mr. Robot. Over the years, David has built covert hacking devices for DARPA, hosted workshops at Defcon, authored the Pentester's Handbook GitHub book, and built the tech behind NPR’s Project Eavesdrop.
Session
Victims see the real site; you see everything. C.A.R.P. gives each visitor an isolated Firefox container that loads the actual target URL (Gmail, banks, SSO), no fake login page, just the real site in a browser you control. Passwords, 2FA codes, and session cookies are all captured allowing sessions to be hijacked in real time. Combine C.A.R.P. with ARP and DNS spoofing on the local network, and victims who type real URLs or use bookmarks can be silently redirected into your controlled browser.