Week in OSINT #2024-19

13th May 2024

This week a small update due to a very busy weekend. Some content I found online, but this week I also share one of my personal tips!

At the end of last week, large parts of the world had the chance to admire a rare event. In large parts of the world the Aurora Borealis and Australis were visible with the naked eye. Sadly enough, I was too busy with other things, that I completely missed this news, and missed out on this extremely rare event. So I guess I'll have to plan a long trip to Scandinavia when there is another solar storm coming, if I still want to see it with my own eyes. And due to being so busy, I also only have a small update for you! But I hope it is interesting nonetheless:

Mirror Mobile Phone
User-Agent Switchers
OSINT Methodology
Telegram Phone Checker

Tutorial: Mirror Mobile Phone

In this tutorial by LifeWire [], it is explained what options there are to mirror the screen of a mobile phone. I really like the option to share a screen on my laptop, because it gives me the opportunity to create screenshots directly, and save them with other evidence. Especially screenshots, or video recordings, of Snapchat content is something that can be tricky, due to the fact that the official ap detects screenshots made by the phone, and the fact they notify the party involved. Another nice tip, shared by GingerT [ ].

Clip from episode 2022-12 where I discussed 'scrcpy'

Link: https://www.lifewire.com/show-phone-screen-on-windows-4164406

Tip: User-Agent Switchers

I like the idea of switching to a specific User-Agent, whenever there is a particular need for it. For instance, when you want to retrieve JSON data from the Instagram API, it can easily be done in a web browser, but you need to trick the backend by spoofing the request as coming from a mobile app. For this, a User-Agent switcher that can automatically change the 'request headers' so it appears it comes from an app, is very useful! And there are a few of these extensions. As can be seen in this screenshot, it is possible to set a custom User-Agent for a very specific URL in this case:

Different extensions, have different options. As can be seen in the screenshot above, it is possible to set a User-Agent for a very specific subdomain, and even a path! This helps me to only spoof a request when I browse to the Instagram API, but nothing else.

Setting a random User-Agents, based on a domain

The second extension, has a different feature that can be really nice: It can select a random user-agent, by providing it a set of possible options. This way, every time you visit the specific domain or subdomain, there will be a different device that is being spoofed.

These are not the only two extensions that have this ability, and there are pros and cons to each. So you will have to do some research on your own, and see what suits you best. I also only added two Chrome extensions, for the purpose of sharing this tip, but of course there are options out there for non-Chromium based browsers, like Firefox and Safari.

User-Agent Switcher: Chrome extension

User-Agent Switcher and Manager: Chrome extension

Article: OSINT Methodology

Another entry where I tag GingerT [ ], because e wrote a blog post about OSINT methodology. After other similar blog posts that were featured in Week in #OSINT, he decided to share his own thoughts on his thought process, and steps he takes. I love that 'Ginger' also does a lot of manual work, and rather spends time on thinking were to find information, than simply firing off tools to gather as much information as possible.

Research by Nick Youngson CC BY-SA 3.0 Pix4free

Link: https://www.cqcore.uk/osint-methodology/

Tool: Telegram Phone Checker

I have been investigating Telegram users for quite some time already, and I love to use tools that can check whether a phone number has an active account connected to it or not. A few months ago, Bellingcat [ ] made some changes in their Telegram phone number checker, and I gave it a small test run. The Python tool can check one or more phone numbers at once, and after it finishes within a second, it stores the information in a JSON file for further analysis. Thanks Jake Creps [ ] for sharing this in your OSINT Newsletter!