What to do when a Facebook profile is private?

This blogpost is made after a 10minute video I made for the virtual conference OSMOSIS 2020 and was inspired @hatless1der blogpost.

Probably every OSINT investigator has encountered this problem; you’ve found your targets Facebook profile but it is completely private. So what can you do?

Clicking the buttons

One of the ways to start is by ‘clicking the buttons’. On a Facebook-profile there are quite some buttons to be found. And sometimes a button might seem like they aren’t containing any info but in fact they do.
The ‘Friends’ button can seem empty and not show any friends when you look at the profile, but when you click on the ‘See all’ button, you can sometimes get lucky and see the ‘Followers’ or ‘Following’ of a profile. And there is also a search bar which is helpful whenever the list is too long to read through.

Click on ‘See All’ to see the ‘Followers’ (left) or ‘Following’ (right) of a profile

Also make sure to always click on the ‘Photos’ button too. Always click on the ‘Album’ button to see if there might be more photos available then you see in the overview. And always scroll down the ‘Photos’ page too! Don’t forget that ‘Videos’ are a seperate section only shown under the photo section. So scroll down to see if your target has any videos!

Scroll down the Photos section to see videos of a profile

Searching the profile

About a month ago @hatless1der wrote an amazing blog about how to find interesting information when a Facebook profile is private.
In the ‘New Design’ there is a new search option shown on the profile; a little magnifying glass. It can be found in the top right of the menu bar on a profile. If it’s not there: it might be hidden under the 3-dot-menu shown on the right in the menu bar. If it’s not there, use the Base64/JSON technique (see our other blog on this technique here) to still search this persons profile.

Find the magnifying glass icon on the right in the menu bar

Whenever you click on this icon, a new window pops up where you can type in any search queries.

Pop up window with search bar

You could search for:
– First name
– Last name
– First name Last name
– Nick name (if known)
– Any most commonly used words like ‘Happy birthday’, ‘Congrats’, ‘Thank you’, ‘Complain’, ‘Sale’ or any kind of word(s) your target might use when posting something public.
– Random letters to see if this might gain any other posts.

Searching for public available info on Facebook

Now we know how to search for anything related to the profile, there are a couple of other methods you could use to see if there is any other publicly available information out there.
Type in the name of your target in the search bar. Now choose the category (on the left side) ‘Posts’. See if there might be any messages containing your targets name. If there are none (or not interesting), filter with ‘Posts From’ and search for your targets profile.
You can do exactly the same when searching for your targets name in the ‘Photos’ category. See if there might be any photos of your target. If there again are none, try to filter down by using ‘Posted by’ and select your targets profile.

Search for ‘Posts’ and ‘Photo’s

You can do exactly the same when searching for your targets name in the ‘Photos’ category. See if there might be any photos of your target. If there again are none, try to filter down by using ‘Posted by’ and select your targets profile.

And just searching for someones name or username in the ‘Photos’ category might be interesting too. Facebook has developed a technique called Rosetta which makes it possible to search for text IN a photo (they’ve OCR‘ed the photo). This way a photo of a car with a visible licence plate can be found by typing in the letters and/or numbers that are on the plate. Or typ in an email address to see if there might be a photo taken of a business card where that email address is visible.
So typing the name or username of your target might result in a photo where that is displayed on.

Example of a search for ‘webbreacher’ in the ‘Photos’ category. Result is a photo of the text ‘webbreacher’.

Still no luck? See if you can select someone close to your target (like family, friends, coworkers. etc.) in the ‘Posts from’ or ‘Posted By’ filter option. Maybe someone else mentioned your targets profile in a post, comment or photo.

Mutual Friends check

When a profile isn’t showing any friends, there is a way to get an insight in a part of the friends list. Therefor you must find a profile of someone close to your target who has got an open friends list. You can then compare both profiles and you’ll be able to see a large portion of the mutual friends between those profiles.

Here’s how that works:
1. Retrieve the Facebook ID of your target by opening the source code of his profile page and search for ‘userid’. Copy the ID.
2. Retrieve the Facebook ID of the profile who might be close to your target who has an open friends list. Again; search in the source code for ‘userid’ and copy that ID.
3. Now paste your targets ID and the ID of the person close to your target in the following URL (replace ‘USERID’ by the ID you’ve copied):

facebook.com/browse/mutual_friends/?uid=USERID&node=USERID

Your results will look similar to this (this has not yet been updated to the ‘New’ Facebook layout):

Results of a ‘Mutual friends check’

Finding the Groups of a profile

One thing that’s not yet possible to find of any profile using the search bar or the JSON/Base64 technique, is which Facebook groups someone is a member or admin of.
But there is a way to find this information!

If you’re using the browser Google Chrome, you can use the extension ‘Multiple Tools for Facebook‘. This extension mainly focusses on your own profile, but it has one really interesting feature. Make sure you’ve copied the ID number of the profile of your target before following these steps.

Once installed, click on the icon in order to open the menu. Choose ‘Tools’ in the menu on the left side.
Now you’ll see a search bar where you’ll see the ID number of the profile you’re logged on with. Delete this number and replace it with your targets ID number. Hit ‘Search’ to see the groups your target is either a member or admin of.

Example of the groups Mark Zuckerberg (ID no 4) is either an admin or member of

The downside of using this Chrome extension is that there is a possibility your profile will be temporarily or permanently banned because Facebook detects it. Please be aware that you use this with care!

Luckily @djnemec has taken a good look at this extension too and found out which technique it uses in order to retrieve te results. Although this might take a little more handwork, you are the person in control of what you’re requesting instead of an extension in Chrome. It’s pretty easy once you read his blogpost on how this works.
For this technique you’ll need the software Postman. Then carefully read the blogpost and @djnemec will guide you step-by-step in how this works.

Screenshot showing the File -> Import... menu in Postman to import a Postman collection
Using Postman in order to find out which groups someone is an admin or member of

Once you’ve found the groups someone is an admin or member of, make sure to see if the group is public or private.
Is it a public group? Search for your target in the ‘Members’ section and click on the profile. You’ll now see a ‘group profile’ where you’ll get an overview of the activities of your target in this specific group and just under their profile picture the date they’ve joined the group is displayed!

Example of a Group Profile

Username search

Maybe you already know the username your target goes by but if you don’t, the URL of a Facebook page might be an interesting place to look.
Visit your targets profile and look at the URL (in the address bar). You can find their Facebook username at the end of ‘facebook.com/’. Just behind the forward slash.

The username in this URL is ‘zuck’

Now copy that username and take it to a username search engine like Whatsmyname.app. Even though this might not gain you any information on Facebook, it might give you some new platforms to take a look at to see if there is any information to be found.

Example of ‘zuck’ in Whatsmyname.app

Reverse image search

Did you find any photos? Either on your targets profile or on someone else’s profile? If could be worth a try to see if the picture appears anywhere else online. You can do this by a reverse image search.
MW-OSINT has made this 10-minute OsintCurious video for you explaining some of the basics.

Search engines

Last but not least; don’t forget that search engines like Google, Bing and Yandex also do their best to index information from Facebook. Try searches like site:facebook.com “targets profile name” to see if there might be any information indexed by these search engines which isn’t shown on Facebook.

@lorenzoromani posted a helpful Google search on his Twitter profile. When you’re interested in searching for video’s, try searches like: “osintcurious” site:http://facebook.com/*/videos (replace ‘osintcurious’ with your targets name) to find any public videos on Facebook.
To make everything even more easy, he made a Python script so you can execute these searches and have the results all in a .csv or related transcript! You can find the script on his Github page.

Show me this in 10 minutes!

We’ve made a 10 minute OsintCurious video about all of these techniques. You can check out the video below:

Good luck!

Hopefully you’ve found some new ways to still find information of your targets private Facebook profile 🙂
If you have a different method which is not mentioned in this blog, feel free to share this in the comment section! We would love to learn from you!