# PoC of getting the profile picture of any gmail address
# go into developer settings => storage => cookies
# paste cookies
# set EMAIL to the email that you want to look up
# enjoy
import hashlib
import json
import re
import time

import requests
# Address whose picture is looked up; read by the __main__ block below.
EMAIL = "[email protected]"

# Session cookies copied out of the browser. These are live credentials for
# the Google account they were taken from: replace the "xxx" placeholders
# locally and keep real values out of version control.
cookies = dict(
    SID="xxx",  # cookie
    APISID="xxx/xxx",  # cookie
    SAPISID="xxx/xxx",  # cookie
    HSID="xxx",  # HTTP only cookie
    SSID="xxx",  # HTTP only cookie
)
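def getAPIKey(cookies: dict) -> str:
    """Fetch the API key embedded in the Drive sharing page.

    Args:
        cookies: session cookies; only SID, HSID and SSID are forwarded,
            the API-bound cookies (APISID, SAPISID) are stripped from a copy.

    Returns:
        The value found after the ``v2internal`` marker in the page body.

    Raises:
        SystemExit: when the marker is not present in the response. The
            response body is printed before exiting.
    """
    # Couldn't find anything about this URL.
    url = "https://docs.google.com/sharing/driveshare?authuser=0"
    # Needed cookies for this request: SID, HSID, SSID.
    # We dont send any more cookies than needed, so the other two are
    # removed from a copy; pop() tolerates a dict that never had them.
    tmp = dict(cookies)
    tmp.pop("APISID", None)
    tmp.pop("SAPISID", None)
    # requests has no default timeout; without one a stalled connection
    # blocks the script forever.
    r = requests.get(url, cookies=tmp, timeout=30)
    key = _extract_api_key(r.text)
    if key is None:
        print("Couldn't get the API key")
        # NOTE(review): this dumps the full authenticated page body to
        # stdout; trim it before sharing the output.
        print("Response: " + r.text)
        print("Error getting API key")
        # No apikey - no reason to continue; exit non-zero so a caller
        # can tell the failure apart from success.
        raise SystemExit(1)
    return key


def _extract_api_key(text: str) -> "str | None":
    r"""Return the run of non-backslash characters that follows the first
    ``v2internal\",\"`` marker in *text*, or ``None`` when the marker is absent.
    """
    # Same cut points as the former split()-based parsing: the text after
    # the first marker, up to the next backslash.
    match = re.search(r'v2internal\\",\\"([^\\]*)', text)
    return match.group(1) if match else None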
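def getProfilePic(key: str, cookies: dict, email: str) -> "str | None":
    """Look up the profile-picture value the lookup endpoint returns for *email*.

    Args:
        key: API key returned by ``getAPIKey``.
        cookies: session cookies; this request needs SID, HSID, SSID,
            APISID and SAPISID.
        email: address to look up.

    Returns:
        The value taken from the nested JSON response (also printed), or
        ``None`` when the body could not be parsed as expected; in that
        case the raw body is printed instead.

    Raises:
        KeyError: if ``cookies`` has no ``SAPISID`` entry.
    """
    # current unix time; the same value goes into the hash and the header
    ct = str(int(time.time()))
    # SAPISIDHASH = sha1("<time> <SAPISID> <origin>"); the origin in the
    # hash must match the Origin header sent below.
    # https://stackoverflow.com/questions/16907352/reverse-engineering-javascript-behind-google-button
    sidh = hashlib.sha1(' '.join([ct, cookies["SAPISID"], 'https://docs.google.com']).encode()).hexdigest()
    # The request wont work if ANY of these headers dont exist
    headers = {
        'Authorization': f'SAPISIDHASH {ct}_{sidh}',
        'Content-Type': 'application/json+protobuf',
        'Origin': 'https://docs.google.com',
        'X-Goog-Api-Key': key,
    }
    # the first value has to be 58
    # the second value can be anything, even empty. It has to exist though
    # json.dumps escapes quotes/backslashes in the address instead of
    # splicing them into the body as the former f-string did; the compact
    # separators keep the bytes identical for plain addresses.
    data = json.dumps([58, [], [[email]]], separators=(",", ":"))
    # I couldnt find any information on this url
    # the only information I found is this:
    # https://gist.github.com/avaidyam/acd66c26bc68bf6b89e70374bdc5a5d4
    url = "https://peoplestack-pa.clients6.google.com/$rpc/peoplestack.PeopleStackAutocompleteService/Lookup"
    # timeout: requests otherwise waits indefinitely on a stalled connection
    r = requests.post(url, headers=headers, cookies=cookies, data=data, timeout=30)
    try:
        em = r.json()[0][0][1][0][0][0][0][0][0]  # wth is google doing with their responses
    except (ValueError, LookupError, TypeError):
        # ValueError: body is not JSON (requests' JSONDecodeError subclasses it).
        # LookupError/TypeError: the nesting differs from the one indexed above.
        # NOTE(review): this prints the full authenticated response body.
        print(r.text)
        print("Error getting pfp")
        return None
    # Report the address that was actually looked up, not the module-level EMAIL.
    print(f"[*] Successfully got the profle picture of {email} ")
    print(em)
    return em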
if __name__ == '__main__':
    # Step 1: the key is scraped from the Drive page; getAPIKey exits the
    # process itself when it cannot find one.
    key = getAPIKey(cookies)
    print(f"[*] Successfully got the API key ({key})")
    # Step 2: the lookup, which needs the full cookie set.
    getProfilePic(key=key, cookies=cookies, email=EMAIL)