git404hub

what is trape fr?

jofpin/trape — explained in plain English

Analysis updated 2026-06-24

8,667PythonAudience · researcherComplexity · 3/5Setup · moderate

tl;dr

A Python security research tool that demonstrates how websites silently track a visitor's location, active logins, and device details, built for educational demonstrations and defensive security awareness.

vibe map

mindmap
  root((trape))
    What it does
      Browser tracking demo
      Session detection
      Social engineering
    Tech Stack
      Python 3
      JavaScript
      ngrok
    Capabilities
      Location tracking
      Active login detection
      Device fingerprinting
    Use
      Security research
      Awareness training
      Educational only

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Demonstrate browser-based tracking techniques in a security awareness training session.

VIBE 2

Show how passive session detection works when a target visits a controlled page.

VIBE 3

Run a phishing page simulation in an isolated lab to train staff to recognize social engineering attacks.

what's the stack?

PythonJavaScriptngrok

how it stacks up fr

jofpin/trapeccxt/binance-trade-bothardikvasa/google-images-download
Stars8,6678,6688,670
LanguagePythonPythonPython
Setup difficultymoderatemoderateeasy
Complexity3/53/52/5
Audienceresearchergeneraldata

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · moderate time til it works · 30min

Requires an ngrok token to expose the server publicly, intended for isolated lab environments only.

in plain english

Trape is a Python tool for tracking people on the internet, built for security researchers, government organizations, and companies that need to follow digital footprints of individuals. It was presented at BlackHat Arsenal in Singapore in 2018 and focuses on demonstrating how internet companies can quietly gather information about users through their browsers without their knowledge. The core idea is that when a target visits a page hosted by trape, the tool begins collecting data silently. It can track the target's geographic location without triggering the browser's standard location permission dialog, using a bypass technique the author claims achieves 99% accuracy. It also detects when you are physically close to the target. Beyond location, trape monitors which online services the target is logged into, showing active sessions for social networks and web services in real time. It can scan other devices on the target's local network and gather details about their connection speed, device hardware, and battery status. The tool also includes attack capabilities intended for social engineering demonstrations. You can inject custom JavaScript into the target's browser, send phishing pages that clone any website, deliver files to the target's device, or play audio messages in English or Spanish directly in their browser. A built-in integration with ngrok lets you expose your local trape server to the public internet so these features work beyond a local network. Setup requires Python 3, cloning the repository, and installing dependencies from the requirements file. You run it by supplying a decoy URL, a port number, and optional flags for custom access keys, ngrok tokens, or local HTML lure files. The project is published for educational purposes, with the stated aim of showing how tracking and social engineering work so that people can better understand and defend against them.

prompts (copy fr)

prompt 1
How do I set up trape locally with Python 3 and ngrok to expose a tracking page to the public internet for a security demo?
prompt 2
Using trape, how do I configure a custom HTML lure page and specify which social network sessions to detect when a target visits?
prompt 3
Walk me through what data trape collects silently from a browser visit, location, logged-in services, device info, so I can explain the risk to my team.
prompt 4
How do I inject a custom JavaScript payload into a target browser session using trape during a controlled red-team exercise in a lab?

Frequently asked questions

what is trape fr?

A Python security research tool that demonstrates how websites silently track a visitor's location, active logins, and device details, built for educational demonstrations and defensive security awareness.

What language is trape written in?

Mainly Python. The stack also includes Python, JavaScript, ngrok.

How hard is trape to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is trape for?

Mainly researcher.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.