Custom Searching Google Album Archives

I just saw a tweet for a Google Custom Search Engine (CSE) that searches across Google domains. You enter a string such as “home” and the CSE searches, for that term, the Google domains that its creator, Stefanie Proto (@sprp77), specified, then returns the results.

Photo Albums

So I was playing with the CSE, https://cse.google.com/cse/publicurl?cx=006205189065513216365:uo99tr1fxjq, and I noticed that when I entered a term, it retrieved many photo album archives from Google’s users where the users had used that term for a file name or in the caption of a picture. Here is an example of results from searching for the term “corn”.

Google Custom Search Engine search for corn

I know you are thinking, “Woo hoo Micah. Corn.” in your most sarcastic voice. Stay with me.

Notice in the pic above that some of the domains in our results were plus.google.com and some were get.google.com? Let’s click on one of the get.google.com results and see the picture.

Google Photo Album

Yay! We see the images that some user has published to the internet. We have no idea if they are intentionally doing so, so I blurred the faces to help protect their privacy. In the real version you’ll see on Google’s servers, you see the images without the blurring.

I drew a yellow arrow in the upper left of the above image to point out the “back” button. You click that and you will get to see the user’s other public photo albums. I did it for you below.

All the User's Google Image Albums

We can see that there are a number of other photo album archives that this “taz” (see the name in the upper part of the image) has made public.

Google Profile Photos

If you have a Google account, they know a LOT about you. One thing that connects all your accounts is your profile picture. So, let’s go into taz’s profile picture album (yellow arrow in above photo) and see some of his photos.

Taz's Google Profile Album

Clicking that album shows only a single image. We click it to get down to the actual image. Now we see if Google knows more about this user by right-clicking on the image and selecting “Search Google for Image” (I’m using Google Chrome for this work…should have said that earlier.)

Search Google for Image

The results are shown on the Google search results page and…..fail. No other accounts show with this profile photo. You might have success though…as I did with other searches.

How Would a Criminal Use This?

OK, we have the technique:

  1. Use the CSE to search for something
  2. Look for the albums with a domain of “get.google.com” (not plus.google.com)
  3. Go into an album
  4. Hit the back arrow (upper left)
  5. Look for Profile photo
  6. Drill down into the profile photo and “Search Google for Image” for each
  7. Examine the results and see if there are any connections to users

So I started thinking evil-ly. What if criminals were using this? What if I entered a search term such as “new bike” into the CSE and then maybe I could find someone who just got a new bicycle (and the implication would be that the criminal might steal it). So I tried it.

I searched for “new bike”.

CSE search for "new bike"

Clicked on the album for the first get.google.com address (yellow arrow) and saw a person with a new bike.

I clicked the upper left back arrow (yellow arrow below).

Google Photo Album of Person with New Bike

I found that person’s Google Profile Photos album and clicked it.

Google Profile Album

Found an image and performed a Search Google for Image. This brought up a page with a bunch of false positives and one true positive at the bottom. See below for a link to a blog on WordPress.com.

Google Image Search from Profile Image

The above entry for the blog is in a foreign language. When I visited the page in Chrome, it offered (and I accepted) to translate the page for me (see red arrow in the upper right pointing to the translated icon). When it did, I clicked the “About me” link on the blog and now I have much more information about this person…a person who got a new bike. 🙂

Wordpress.com Page of Google User

I See Some Flaws

Of course you do. Those who have thought about my original premise of “people with albums of their new bike” have probably realized several problems that a true criminal might have:

  1. When was the picture taken? Just now or is that “new” bike pic from 3 years ago? To address this, could you make your own CSE and modify the results to only show results from the last week or month?
  2. Where does this person with a new bike actually live? In my case it was Bulgaria which is a little bit outside of my travel zone for doing anything to his bike. Perhaps there are other changes that could be made to the CSE to account for this as well?

There are other issues too such as “What if my target has no Google account?” or “What if there are no results for the reverse image search of their profile pic?” Those could happen for you.

Filling Your Tool Box

This blog post introduces a technique that you can put in your OSINT tool box. Just like real tool boxes that have screwdrivers, pliers, and hammers in them, you collect tools and then use them when you have the appropriate job that needs doing (screwing in screws, tightening a bolt, or hammering a nail, respectively).

Take this technique, place it in your OSINT tool box and use it for good.

If you are interested in making your own Google Custom Search Engine (CSE), visit https://cse.google.com/cse/.

One thought on “Custom Searching Google Album Archives”

  1. Glad you like my search engine! I was wondering why it had like 500 searches in the last few days!!
    Awesome article!!!!

    This search engine only seeks out album archives (not Google+ photos)
    https://cse.google.com/cse/publicurl?cx=013991603413798772546:bldnx392j6u
    So you’ll always get the “better” url!!!

    Check these out too..
    this one finds Google Drive Folders!!!
    https://cse.google.com/cse/publicurl?cx=013991603413798772546:nwzqlcysx_w

    Check out my IFTTT Applet Search engine
    (Strangely enough, Google+ isn’t listed as a service on IFTTT.com and therefore it’s impossible to find any IFTTT applets even though they are out there and being used. You can however, find them using Google Custom Search.
    Use the below search to find Google+ Applets
    https://cse.google.com/cse/publicurl?cx=000501358716561852263:xzfiqchwcj8&q=google+plus
    You can also find Google+ IFTTT Developers using this search
    https://cse.google.com/cse/publicurl?cx=007791543817084091905:9acu5mh0duw&q=google+plus)
    Thanks!!!
    Stefanie Proto
    @sprp77
