Demonstrate browser-based tracking techniques in a security awareness training session.
Show how passive session detection works when a target visits a controlled page.
Run a phishing page simulation in an isolated lab to train staff to recognize social engineering attacks.
Requires an ngrok token to expose the server publicly; intended for isolated lab environments only.
Trape is a Python tool for tracking people on the internet, built for security researchers, government organizations, and companies that need to follow digital footprints of individuals. It was presented at BlackHat Arsenal in Singapore in 2018 and focuses on demonstrating how internet companies can quietly gather information about users through their browsers without their knowledge.

The core idea is that when a target visits a page hosted by trape, the tool begins collecting data silently. It can track the target's geographic location without triggering the browser's standard location permission dialog, using a bypass technique the author claims achieves 99% accuracy. It also detects when you are physically close to the target. Beyond location, trape monitors which online services the target is logged into, showing active sessions for social networks and web services in real time. It can scan other devices on the target's local network and gather details about their connection speed, device hardware, and battery status.

The tool also includes attack capabilities intended for social engineering demonstrations. You can inject custom JavaScript into the target's browser, send phishing pages that clone any website, deliver files to the target's device, or play audio messages in English or Spanish directly in their browser. A built-in integration with ngrok lets you expose your local trape server to the public internet so these features work beyond a local network.

Setup requires Python 3, cloning the repository, and installing dependencies from the requirements file. You run it by supplying a decoy URL, a port number, and optional flags for custom access keys, ngrok tokens, or local HTML lure files.

The project is published for educational purposes, with the stated aim of showing how tracking and social engineering work so that people can better understand and defend against them.
← jofpin on gitmyhub — every repo by this author, as a profile.
Verify against the repo before relying on details.