Table of Contents
People tracker – In this article, I’m going to show you how hackers control android phones through a web browser with trape tool
What is a trape tool?
Trape is an exploration and analysis tool of OSINT, which enables people to monitor and execute intelligent social engineering attacks in real-time.
It was developed to show the world how large Internet companies obtain sensitive information, such as the session status of their websites or services, and control users through browsers without their knowledge, but they are being developed to help government organizations. Companies and researchers hunt down cyber criminals.
git clone https://github.com/jofpin/trape.git
Step 2:
Now change your directory to people tracker (trape) toolΒ
cd trape
Step 3:
Now install the requirements of the people tracker (tape) tool so type the below command on your terminal.
pip3 install -r requirements.txt
Step 4:
After that, run the following command in the terminal.
python3 trape.py -h
Press enter to continue
Step 5:
Now you will be asked to provide ngrok tokens. So, pastΒ your ngrok token here and press Enter.
Step 6:
This tool will then ask for the Google Maps API, so pass your Google Maps API here and press Enter.
After that, it will also request the URL Shortener API, whether you needΒ to pass it or skip it and press Enter.
Step 7:
Now we need to paste the IP API then press the enter button
Step 8:
After pasting the IP API, press Enter to complete the Trape configuration process.
How to get the Google API?
Step 1:
First, click the button below to go to the Google API Generator website.
Step 2:
Now click the credential parameter on the left said list
Step 3:
After that click theΒ create credentialΒ as shown in the below image
Step 4:
Now click the API key below the create credential to create the API keyΒ
How to get the IP API?
Step 1:
First, you will go to the ipstack website so click the below button.
Step 2:
Click signup button
Step 3:
Choose free API accountΒ
Step 4:
Now fill in all your details to create an account.
Step 5:
After completing the above information, simply click the Register button. After that, you can see your IP API key.
How to use the people tracker (Trape) tool?
After the installation is complete, run the following command in the terminal. This command will help you access the web interface.
python3 trape.py --url http://example.com --port 8080
Now copy the link to the control panel to paste the browser and access the people tracker (trape) tool in the web interface.
Benefits of people tracker (trape) tool
1. Locator optimization
Follow the path between you and the target you are pursuing. The path is updated every time you move, and the target location is automatically determined by the browser traversal, so you can bypass the requested location on the victim’s side while maintaining 99% accuracy of the locator.
When you’re close to the target, Trape will tell you.
2. Reset API
Generates an API (random or custom), and through this you can control and monitor other Web sites on the Internet remotely, getting the traffic of all visitors.
3. PROCESS HOOKS
Manages social engineering attacks or processes in the target’s browser.
—Β SEVERAL: You can issue a phishing attack of any domain or service in real-time as well as send malicious files to compromise the device of a target.
—Β INJECT JS: You keep the JavaScript code running free in real-time, so you can manage the execution of aΒ keyloggerΒ or your own custom functions in JS which will be reflected in the target’s browser.
—Β SPEECH: A process of audio creation is maintained which is played in the browser of the target, using this you can execute personalized messages in different voices with languages in Spanish and English.
4. PUBLIC NETWORK TUNNEL:Β
Trape has its ownΒ APIΒ that is linked toΒ ngrok.comΒ to allow the automatic management of public network tunnels; So you can publish the content of your trape server which is executed locally to the Internet, to manage hooks or public attacks.
5. CLICK ATTACK TO GET CREDENTIALS:
Automatically obtains the target credentials, recognizing your connection availability on a social network or Internet service.
6. NETWORK:Β
You can get information about the user’s network.
—Β SPEED:Β Viewing the target’s network speed. (Ping, download, upload, type connection)
—Β HOSTS OR DEVICES: Here, you can automatically scan all the devices connected to the target network.
7. 30-session recognition
Session recognition is one of trape’sΒ most interestingΒ attractions since you as a researcher can know remotely what service the target is connected to.
8. USABILITY:
You can delete logs and view alerts for each process or action you run against each target.
How to solve errors on the peopleΒ tracker tool?
If you face some problems installing the tool, it is probably due to Python versions conflicts, you should run a Python 2.7 environment :
pip3 install virtualenv
virtualenv -p /usr/bin/python3 trape_env
source trape_env/bin/activate
pip3 install -r requirements.txt
python3 trape.py -h
HELP AND OPTIONS
user:~$ python3 trape.py --help
usage: python3 trape.py -u <> -p <> [-h] [-v] [-u URL] [-p PORT]
[-ak ACCESSKEY] [-l LOCAL]
[--update] [-n] [-ic INJC]
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-u URL, --url URL Put the web page url to clone
-p PORT, --port PORT Insert your port
-ak ACCESSKEY, --accesskey ACCESSKEY
Insert your custom key access
-l LOCAL, --local LOCAL
Insert your home file
-n, --ngrok Insert your ngrok Authtoken
-ic INJC, --injectcode INJC
Insert your custom REST API path
-ud UPDATE, --update UPDATE
Update trape to the latest version
–URLΒ In this option you add the URL you want to clone, which works as a decoy.
–portΒ Here you insert the port, where you are going to run theΒ trape server.
–accesskeyΒ You enter a custom key for theΒ trape panel, if you do not insert it will generate anΒ automatic key.
–inject codeΒ trape contains aΒ REST APIΒ to play anywhere, using this option you can customize the name of the file to include, if it does not, generates a random name allusive to a token.
–localΒ Using this option you can call a localΒ HTML file, this is the replacement of theΒ –URL option made to run a local lure in a trape.
–ngrokΒ In this option you can enter a token, to run at the time of a process. This would replace the token saved in configurations.
–versionΒ You can see the version number of trape.
–updateΒ Option used to upgrade to the latest version ofΒ trape.
–helpΒ It is used to see all the above options, from the executable.
Super super superππππππ