How I Can Use Your Gmail Account to Find Out Where You Live and Possibly More
Disclaimer: All information and techniques provided in this article are for educational purposes only. I will not be held responsible for, nor do I condone, the misuse of any information/techniques shown in this article.
The Power of OSINT
OSINT stands for Open-Source Intelligence, which is basically all the publicly available information about a person, organization, or business out on the internet. Now, it may seem that not much information about you is out there and readily accessible for free, apart from basic things like your phone number, email, full name, etc. However, even the information hidden behind “People Search” websites with paywalls is actually fully accessible from different parts of the internet. In this post, I’ll talk specifically about one method of OSINT, which can uncover someone’s general location, the places they’ve been to, and possibly some other personal details.
How the Technique Works
Basically, every Gmail account is connected to and used by almost every other app made by Google. Google Maps happens to be one of them. Now, Google Maps has a feature called “contributions” which basically shows all the contributions a Gmail user has made to Google Maps by doing things like leaving reviews on locations. As OSINT investigators, we can use this feature to our advantage by looking at a target’s contributions (which are, by default, universally viewable), which (majority of the time) give us accurate information on the relative area in which they live and possibly other personal information, like their favorite restaurants!
We can even find information on a target’s personal health if they’ve left pictures or reviews!
There was even this one time this technique (along with another one) allowed me to find the target’s exact address from his favorite diner on Google Maps!
Technique Usefulness
Obviously, there is a chance that your investigation target might have made no contributions to Google Maps, and in that case, this technique is useless. The usefulness of this technique ultimately depends on the information that the contributions give. A target might only leak their relative location even by just leaving a few blank ratings on locations, or they might leave a detailed review with photos and leak much more than just their relative location. They can give out an arbitrary number of sensitive details, as you have seen with the provided screenshots. This information can then be used to further an investigation and find more intel on the target.
Viewing Your Own Contributions
As you can see, this feature is important because it allows people to have more accurate information about places, and because it can be used for some cool OSINT tricks! You can see information on contributions you’ve made from your Gmail account by going to Google Maps and clicking on “Your Contributions” in the Menu.
The Manual Method
Now, obviously, there isn’t any menu option to just look at the contributions of someone’s Gmail account in your contacts menu. I know nobody likes doing things manually and everyone prefers automation, but to understand how this technique works, it’s good to try it once manually. It’s really easy after all.
Step 1
Firstly, you must create a contact with the target’s Gmail in Google Contacts, and only the Gmail field must be filled in the contact information. If you’re lucky, you might even get a selfie or picture of the target (trust me, it’s not that unusual), which can be used for more information gathering from a pentester’s perspective.
Step 2
Secondly, after creating the contact, you need to Developer Tools and click on the Gmail field in “Contact Details.” Near the HTML code for that part of the page, you should find an attribute called data-person-id whose value you need to copy to the clipboard or save because it will be needed for the next step.
data-person-id="c8632971339135127084"
Caveat: “data-person-id” Attribute is Dynamic
Keep in mind that this attribute’s value essentially defines the ID of the contact you’ve saved, but it changes depending on which account you’re logged into. So, you might save the same contact on another email of yours, but the “data-person-id” attribute value will be different. Therefore, it is essential that you perform steps 1–3 while logged into the same email.
Step 3
Thirdly, you must go to Google’s PeopleAPI and use the people.get method to get the static ID (the un-changing ID) of the target Gmail account.
There are a few parameter values that need to be entered:
resourceName should be set topeople/<your data-person-id value> .
personFields should be set tometadata .
Now, execute the command and you should see a JSON object returned.
The piece of data that is needed from this JSON object is the value of the id field (which should be a long string of integers) under the "type": "PROFILE" field. This value is the static ID of the target Gmail which can be used to finally access the target’s contributions page.
Step 4
Finally, now that the static ID has been acquired, you can visit the target’s contributions page on Google Maps by typing this URL into your browser’s search bar: https://www.google.com/maps/contrib/<target's static ID> .
And voila! Now, as a penetration tester, you can possibly use any information gathered from this technique for phishing purposes. As an OSINT investigator, you may use information gathered from this technique as a point to go down more avenues of intel that you might have not seen before. Whatever you do, just don’t use this technique for illegal purposes!
The Automated Method
Epieos.com is a great OSINT tool that automates this technique and many other techniques involving E-mail accounts. Please use it responsibly though!
Remediation
One thing that makes this technique so dangerous is that majority of people don’t know about it, so they carelessly put pictures and write whatever reviews they want on Google Maps. Luckily, there is an easy way to stop random people from viewing your contributions page. You can go to the “Your Contributions” tab in the Menu in Google Maps. There should be a “Profile Settings” tab located there, and if you click on it, Google Maps allows you to disable your contributions profile from being world-viewable.
Thanks for Reading!
If this post was beneficial to you, consider dropping a follow and liking the post! Make sure to leave any comments or questions down below!
