Trapster web framework
The Trapster web framework is a powerful and flexible web framework that allows you to copy and emulate web applications for your honeypot.
It uses YAML for configuration and Jinja2 for templating. You can also use AI to generate responses based on parameters that you define.
How it works
The web framework is a simple HTTP server that listens on a specific port and returns a response for each request it receives. Each web emulation (called a "skin") consists of three main components:
1. Configuration (config.yaml)
The YAML configuration file defines how the server should respond to different HTTP requests. It allows you to:
- Define endpoint routes using regex patterns
- Specify different responses for different HTTP methods (GET, POST, etc.)
- Configure query parameter matching rules
- Set custom HTTP headers
- Define error page responses
- Set default responses for unmatched routes
- Use AI to respond to specific routes
2. Static Files
The files directory contains static content like:
- HTML pages
- Images
- JavaScript files
- CSS stylesheets
- Other static assets
These files are served directly when requested, maintaining the same directory structure. You don't need to specify them in the configuration file.
3. Dynamic Templates
The templates directory contains Jinja2 template files that can generate dynamic responses. Templates can:
- Access request information (headers, cookies, query parameters)
- Generate random values
- Include current timestamps
- Use conditional logic
- Specify custom HTTP status codes using front matter
Features
- Basic Authentication: Optional username/password protection
- Custom Headers: Global and per-route header configuration
- Query Parameter Matching: Route requests based on query string patterns
- AI Integration: Optional AI-powered responses for dynamic interaction
- Error Handling: Customizable error pages
- Template Front Matter: Control response status codes from templates
- Secure Path Resolution: Prevents directory traversal attacks
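The kind of check that secure path resolution implies for a skin's files directory, shown as an added example that is not Trapster's own code. The function name resolve_static, the temporary directory layout and the probe paths are all constructed for illustration.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote


def resolve_static(files_root: Path, request_target: str) -> Optional[Path]:
    """Map a request target to a file under files_root, or None if unsafe/missing."""
    root = files_root.resolve()
    # Drop query string and fragment, then percent-decode exactly once.
    raw_path = unquote(request_target.split("?", 1)[0].split("#", 1)[0])
    if "\x00" in raw_path:
        return None
    # Treat backslashes as separators so "..\" is handled like "../".
    relative = raw_path.replace("\\", "/").lstrip("/")
    # resolve() collapses ".." and follows symlinks BEFORE the containment check.
    candidate = (root / relative).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return None  # resolved path escaped the files directory
    return candidate if candidate.is_file() else None


def demo() -> dict:
    """Build a constructed skin layout in a temp dir and probe it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        files = base / "files"
        (files / "css").mkdir(parents=True)
        (files / "css" / "site.css").write_text("body{}")
        (base / "config.yaml").write_text("constructed: true\n")
        # A symlink inside files/ that points outside it must not be served.
        os.symlink(base / "config.yaml", files / "leak.yaml")
        probes = [
            "/css/site.css?v=3",           # normal asset with query string
            "/css/../css/site.css",        # ".." that stays inside the root
            "/../config.yaml",             # plain traversal
            "/%2e%2e/config.yaml",         # percent-encoded traversal
            "/css/..%5c..%5cconfig.yaml",  # encoded backslash traversal
            "/leak.yaml",                  # symlink escaping the root
        ]
        return {p: resolve_static(files, p) is not None for p in probes}


if __name__ == "__main__":
    for target, served in demo().items():
        print(f"{'SERVE' if served else 'DENY '} {target}")
```

A honeypot will routinely receive the denied request shapes, so logging them before returning the error page keeps the probe visible to the operator.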