قالب وردپرس درنا توس
Home / Tips and Tricks / How to Catch an Internet Catfish with Grabify Tracking Links «Null Byte :: WonderHowTo

How to Catch an Internet Catfish with Grabify Tracking Links «Null Byte :: WonderHowTo

In MTV's series Catfish TV series, in Season 7, Episode 8, Grabify is a tracking link generator that allows an online catfish to easily be caught in a lie. With the ability to identify the IP address, location, make, and model of a device opened through a cleverly disguised tracking link, Grabify can even identify information that has leaked behind a VPN.

Whether it's an online apartment ad To be true or a person online, you have a strange feeling. Detecting red flags can save you trouble early. If you live in Canada and an IP address in Africa lists the apartment you checked out, you may not want to deposit.

The ability to check details such as source device, country, or even the time zone can prove to be extremely useful for determining whether a person is honest or not, what information they reveal online about them. When combined with information such as EXIF ​​data, it is easy to compare a geotagged photo or hard-coded device information in a file with the device that opens a Grabify tracking link.

To track someone with Grabify, first select a link that would do this to be natural. Then disguise the nature of the link by making it appear as a normal shortened link to a torrent or image file. When the target clicks or taps the link, capture their information as they pass the link to the decoy.

What can you learn from a tracking link?

The type of information you can get from a tracking link depends on the type of link you are using. There are two types of tracking links that Grabify can create. The default setting is a simple and almost undetectable redirect to a lock URL. This default option looks and behaves like a URL shortener, and the average person would not notice.

From this type of link, you can expect to get IP address, country, browser, operating system, host name and Internet service provider. For someone being harassed online, this alone is enough to file a police report or bring charges.

If you want to use the advanced tracking link offered by Grabify, the target will see a short redirect page with the following view: [1

9659009] How to catch an Internet catfish with links to Grabify tracking ” width=”532″ height=”532″ style=”max-width:532px;height:auto;”/>

Because average users do Do not recognize as suspicious, it is generally safe if you need more information. Since we are rendering a page this time, we can get much more information about the user.

With advanced tracking, we can see the battery level and see if the device is connected or not. We can see the brand and model of the device, the internal network IP address, the time zone, the screen size, and even how the user is holding their device. This level of detail can become downright scary and can give you the upper hand if you prove that someone is not really who they say he is.

What you need

Grabify is a web-based project from jLynx that can be accessed from any browser. While you do not need to sign up for an account to use Grabify, it's free and there are some additional options available. If you like Grabify, you may also like other jLynx projects, so check them out on their website.

Step 1: Find a Plausible Link to Send

For this attack to work, we need to launch an attack scenario in which it makes sense for the target to click or tap on a link. There are two different types of links we can send: one loads a fake referrer page to get more information, and the other is a simple passthrough connection that is less visible but also records less information.

The less obvious link is This is the default. So if we do not want to take everything with us, we can focus on one reason to get the goal to click or tap something. Unlike a canary token that leads you to a suspected dead end, Grabify lets you specify where the victim should land after clicking or clicking on the link. This makes it much easier to recognize your goal. You set up a trap.

There are many ways to get the link to the destination, and a common one is to leave the link in a chat or email in your account, so the link looks like the link is important or personally. If someone accesses your account and clicks or taps the link, you know immediately.

In another scenario, you could trick someone into clicking or tapping a link by creating a plausible context in which sharing a link makes sense. Usually, tactics like "Is this your profile?" with a link that goes back to her profile is the least suspicious, as shown in the episode of MTV Catfish

. Step 2: Create a Tracking URL

The first step in tracking a destination with a Grabify link is to find a link that you expect to be awaiting your destination. If the destination ends up with the URL, it should not be unaware and serves as a cover for the tracking link you've created. You want to pretend that you're sending them a regular, innocent URL snapshot of any decoy link you choose.

In my example I will slowhotcomputer.com.

Navigate to grabify.link and enter your URL in the box. Then click "Create URL" and agree to the terms to create the link for the tracking URL.

Grabify generates a tracking page with tracking link and user interface with information about when someone clicked or clicked on the link. It should be empty on first launch, although some URL shorteners use bots to preview the link you are trimming and this data may be displayed.


Step 3: Shorten and hide your tracking link

Grabify is not exactly subtle URL name. If you want to successfully persuade your target to click or tap on a link, you will receive a link that does not seem out of place. You can hide the link with any number of URL shorteners, some of which are directly available in Grabify.

Below is a list of URL shorteners supported by Grabify. Click "View Other link Shorteners" next to Other Links on the log page.

If the included shortener options are not appropriate for your situation You can always create a custom link that works like an image file, GIF, CSV, HTML, torrent or ISO file looks like.

Click either "Click here" next to . Select domain name or "Modify" from domain / Create a Custom Link "in the New URL field and check the" Extension "drop-down list to create the impression that you would Share a file instead of using a referral link that may cause the target to click or tap on your link.

In this custom Link menu also has options for a domain other than the one provided by Grabify, a custom path and a custom parameter.

If you create a shortened link or custom URL panel, you'll be ready to introduce it to the destination Once the target clicks or taps the link, an entry will appear in the Results section of your log page.

Step 4: Interpr Tracking Information Tracking

Now open your destination link and see what you see. In the default configuration, you do not use a fake referrer page, so you will not get the most information possible.

You should see a detection in your management portal (you may have to refresh the page) and you can see it to see more details. As you can see in my example below, I have the bare essentials like location, IP address and information like the internet service provider and the operating system.

? If you want to make things a little shorter, you can enable the "Smart Logger" function by clicking on the toggle switch on the web interface. The toggle switch allows a fake tracking page to extract more information.

If "Smart Logger" is enabled, open the link again and take a look at the recorded information. This time, you should see much more information.

This additional information can tell us a lot. For example, in my example, the internal IP address tells us that this person is probably connected to a VPN, as a local default IP address would likely look like "" or something similar. It also gives you more information about the particular device that made the request, the installed screen size, and browser extensions.

You'll also find that you can tell if the battery is charging and what the battery level is. This will allow you to track a person for a short period of time, with the battery charge level either rising or falling when charging when the device is not charging, which clearly identifies the device. Another overlooked value is the language and time zone that are often set by the system.

In some cases, we see the manufacturer and model of the device making the request, so we can identify the hardware used by the target. Each of these details may be sufficient to blow up a catfish by indicating either the wrong state or country, displaying a device other than that used by the person in their (possibly fake) photos, or displaying a time zone

Kill Grabify Tracking

The tracking technology behind Grabify and other online trackers is powerful, but it's not impossible to defeat them. Many of the information received from Grabify comes from the user-agent string. So, if you use browser add-ons to change the user-agent string, you can look like a different device type. With another user agent, you can hide many of your details from a Grabify tracking link. With a VPN and browser extension I was able to mask the country, the IP address and other information about my device.

What I could not change right now was my time zone and language set by the system and were not affected by the VPN or browser extensions. Since my internal IP address displayed a VPN connection, someone following me might think my information is wrong except for my time zone and my language. That alone would limit my origin in the US and Canada and nullify the hard work I've spent faking my location and IP address. Because of these types of leaks, it's important to understand how links like Grabify can track you on the Internet and what details you can reveal.

I hope you liked this guide to using Grabify to generate tracking links! If you have questions about this catfish tutorial or have a comment, please ask below or call me: Twitter @KodyKinzie .

Do not miss: Stealing Wi-Fi passwords with a nasty double attack

Title image by Justin Meyers / Null Byte; Screenshots of Kody / Null Byte

Source link