An easy-to-learn guide on Facebook osint by @dheerajydv19
Pre-requisites - a basic understanding of kali Linux and a pc/laptop with a good internet connection
Let’s start the blog with the basics and then move forward to more advanced topics.
Creating a fake Facebook account
But why do we even need a fake account?
The answer is really simple, many times we use some automation tools which require logging in via Facebook and we need to perform many other activities which can result in Facebook blocking your account or maybe even worse if it’s a permanent ban, you will lose all your personal account data. One more reason, while doing investigations, we never wanted that our victims should even have a clue about us that someone is performing Facebook osint on them.
But also keep in mind, your new account should look like a realistic one, I mean it should not be like that if the victim gets a vibe of a fake account and he didn’t accept your request or take any other safety measures.
In simple words, in order to hide our real identity from the victim, we need a fake account which we call sock puppets.
Step-by-step guide -
Firstly go to any fake data-generating website like https://fakeit.receivefreesms.co.uk/c/us/
Go to facebook.com and click on signup.
Use the fake data that we just got on opening the website in step 1 including the email.
That’s it, we just created a sock puppet for Facebook osint. You can create more accounts in the same way if needed.
Go to https://thispersondoesnotexist.com/, here you will get pictures that you should use as your profile pic in that fake account.
Add some more fake data in the profile in that Facebook account so that it should look genuine and doesn’t look suspicious.
Note - I just created a fake account using the email given by the website in step 1, but maybe in the future, if meta bans signup using disposable mail offered by this website, just use disposable mail from any other less popular website.
I suggest if your investigation needs more time, then don’t create the fake account using temp mail, instead, first create a Gmail use the fake data and then use that fake Gmail to create the Facebook account.
ProTip - New VM > New google account > fake data && google doc for notes
Since Facebook is a very old social media site, I won’t be writing about the normal approach and tricks you can use a search box for finding an account, you can view who liked which posts, etc. I am considering that you already have basic knowledge about Facebook and its feature, if you don’t have one, once explore the website by yourself.
- Always use the desktop version(it gives much more data as compared to the web version or in the app).
- Explore the complete website for almost an hour to get yourself familiar with its design and features and all other capabilities.
- Prefer writing all your findings somewhere maybe google Docs, notion, anywhere you wish.
- While copying any data, prefer copying it with href attribute, it will save you time.
- Always try to think out of the box.
Facebook Search -
Use the Facebook search filter at its best, it will give you much more information if used correctly. For example, let’s imagine a person has gone on a trip with his friends, he hasn’t posted anything about that on his Facebook but his friend has posted some pics about that and tagged him, so if you apply the filter in post, most recent maybe chances are it will be shown.
Sometimes some people make their email address and phone number public, so once go to the contact and basic info section of the victim profile, if you got that congo, otherwise abuse the forgot password functionality to know a few starting and ending words of email/phone.
That’s it for this blog, will write a better version of this in a guide form soon, with a list of awesome tools and all tips and techniques i personally use or knows. This is just an introductory type blog, so just read and enjoy.
Follow me on Twitter: https://twitter.com/Dheerajydv19