August 4 , 2020

Google IDs are a public key to your digital footprint.

Contents:

  1. The Goal
  2. Obtaining a Google ID
  3. Google Maps Contributions
  4. Takeaways


    5. For every Google account created, several identification numbers and aliases are tied to that account and will be used as a pointer for most ensuing Google HTTP posts and requests. Your online photo albums, reviews, YouTube playlists, and Map contributions can be retrieved using one of these many identification numbers. This open-source intelligence (OSINT) methodology report will dive into how Google IDs can provide a foothold for anyone tracking down the private, yet public, details of an online user.


    The Goal

    Suppose our only piece of information for tracking down an individual is their Gmail address. For the purpose of this report, I will be tracking an email created for this exercise by a user named win32k for a HackTheBox OSINT challenge.

    Let's find saramedsoncruz@gmail.com's last known location and a review she left while there.

    Typically, there could be several vectors for approaching this objective, but we will be using the email's Google ID.


    Obtaining a Google ID

    When Google+ was an active social media site, getting a user's Google ID was as simple as navigating to that user's Google+ page and locating it in the profile's URL. Because the site has no longer been available for consumer use since April of 2019, this method is deprecated. Nowadays, we can do some minimal packet analysis using Chrome's inspect element tool.

    Step 1

    Navigate to Google Contacts and press the F12 key to open the inspect element window. Go to the Network tab and ensure that there is a blank slate for activity.

    Step 2

    Once at a blank network screen, go back to the Google Contacts page and click on a contact to bring up their card. Some activity should have populated the Network screen. We can click on the red circle on the top left of the screen to stop recording more activity.

    Step 3

    In the network window, we are interested in what the packet beginning with batchexecute contains, so left click on the entry to reveal its contents.

    If we scroll to the bottom of the Headers tab, we come across the field named Form Data. Here, we will find the 21-digit Google ID beginning with the number 1. In saramedsoncruz's case, that number is 117395327982835488254.


    Google Maps Contributions

    Now, we have another vital clue in our investigation: Sara's Google ID. From here, we can find a multitude of Sara's public information. Our goal, however, is to find her last known location and the review she left while there. We can use the link https://www.google.com/maps/contrib/{Insert_Google_ID} to find a user's Google Maps contributions. Let's substitute {Insert_Google_ID} with 117395327982835488254 and enter the link into a web browser. Here is our resulting page:

    In the top right of the screen below the account's name, we know that there is one contribution tied to this user. Clicking on the Reviews tab returns the user's most recently reviewed location: the objective of this investigation.


    Takeaways

    Google IDs are public keys that can be used to obtain public information on an individual's online Google activity. For a better peace of mind, try out this exercise with your own Gmail account and explore much of your info is available online through a few simple searches.

    The following links provide more ways to obtain public info using a Google ID:

    • Google Album Archives: https://get.google.com/albumarchive/{userID}
    • Map Contributions: https://www.google.com/maps/contrib/{userID}