Google Chrome and Firefox are usually the browsers for choice for OSINT investigations. Not only are they secure, but they provide the best plugins and extensions to make our work a lot easier. This article will discuss the various Chrome extensions I use during OSINT investigations and why I use them. Some of these you may of heard of of have used before, others may be new but have a clear application. Let’s get started.
This one should be obvious, but is a good place to start. Many websites, especially foreign ones, are so covered in ads that they slow down your browsing time and sometimes make it impossible to load a web page. It’s good to get rid of the ads to get straight to the content and begin your investigation. This comes with some drawbacks, however. Many websites have the ability to detect AdBlock and other advertisement blocking programs and prevent you from seeing their content as a result. In situations like this, I simply copy and paste the URL and open it up on a garbage browser like Internet Explorer that I never use. Due to the nature of OSINT investigations, you’re always looking at things you’re not particularly interested on a consumer level–so the ‘targeted’ ads are kind of useless anyway. So it’s totally ethical!
Now that I’ve got you warmed up, let’s get to more of the OSINT related stuff. FireShot is an extension that allows you to take a screenshot of your entire screen. Why is it useful? If you’re collecting evidence, a lot of websites will change their content or remove it all together. If you take a full page screenshot, you can have proof of your discovery and won’t have to worry about selecting what is important like you do in a normal screenshot (or have to take multiple screenshots). This extension is free, but if you’ve been in the OSINT community long enough, you’ll know there’s a better option. If you’re willing to give up some coin, try Hunchly instead. It does what FireShot does and so much more. It’s an OSINT battleship! I heard Justin is releasing an API for it as well! Check it out!
360Social is a Chrome extension that allows you to find out where a particular social profile is elsewhere on the web. It’s completely noninvasive on your screen and simply slides a user friendly panel from the left to reveal the information. Here’s how it works. Let’s say you find a Twitter profile that’s of interest to you. If you click on the 360Social extension, it will extract the information from the target’s Twitter profile and reveal other places like Facebook, Instagram, LinkedIn, etc. where the same or similar information is hosted. This is something you can do manually, but I’m all about automation.
This Chrome extension is specific to Twitter. What Treeverse does is it takes a conversation on Twitter and breaks it down into a hierarchical tree and tells you who is talking to who and where the connections are. This is great for threads that have hundreds if not thousands of replies. The result is something similar to Maltego or i2 and gives you a basic link analysis function. It’s very fast and allows you to figure out the “so what?” really quickly. If you combine it with other extensions and conduct enough research, you could have a pretty quick data mined social network on your target in less than an hour.
Distill is a Chrome extension that monitors webpages or feeds for changes and then sends you a text or email after detection. You can save certain pages that are critical to your investigation (after taking a screenshot of course) and once they change, have a nice before and after screenshot that can make or break a case or add to evidence. I like this tool because it’s passive and works when I’m not. Considering I have maximum Chrome tabs open at a particular time, I need all the help I can get for workflow management. Distill helps me do that. The version I use is free. They have a paid, premium, option but I haven’t tried it.
Mostly Harmless is a Chrome extension that looks up the page you are viewing and tells you whether or not it’s on Reddit. And down the rabbit hole you go! Once you find a webpage posted on Reddit, you can view the comments and look for anything interesting. You can then extract the username of the account that commented and see if it’s anywhere else online using tools like WhatsMyName or Namechk. If you find something and can verify they’re related, you’ve just added a Reddit post and a username to your investigation.
Those are a few that I use for general purposes. In future articles, I’ll write about more niche extensions I use for things like extracting eCommerce data to perform trend analysis and other useful things. Make sure to follow me on Twitter or subscribe to this blog by email for updates!