Friday, August 9, 2013

Facebook Picture to ID

Introduction

Its recently come to my attention that most people assume Facebook pictures can't be tied directly back to the owner given only a direct link to the picture. Well, this little utility was written to show just how easy it could be to use Facebook image links posted in IRC or elsewhere to track down the original owner of the content, and people tagged in the photo.


Parsing the URL


Take the following image link that I pulled from a random Google image search.
https://sphotos-b-ord.xx.fbcdn.net/hphotos-frc1/p480x480/1044981_547409191984903_1858736086_n.jpg
The main portion of the URL that we're interested in is the filename of the JPEG.
1044981_547409191984903_1858736086_n.jpg
The middle number is the FBID of the original photo album. This can be accessed by modifying a simple GET request to Facebook.
https://www.facebook.com/photo.php?fbid=547409191984903
From here it's as simple as parsing out the data that we want from the HTML. For this I decided to use BeautifulSoup and Python for simplicity and readability sake.

Example


# ./fbpic2id.py https://sphotos-b-ord.xx.fbcdn.net/hphotos-frc1/p480x480/1044981_547409191984903_1858736086_n.jpg
 
Album URL: http://www.facebook.com/photo.php?fbid=547409191984903

Owner (Page/Group): Best photos of the world
Owner URL: https://www.facebook.com/Best.Fotos.Of.The.World

Tagged with profiles:
Vikas Gaikwad (https://www.facebook.com/vikas.gaikwad.1612)
Lakhan Bhanuse (https://www.facebook.com/lakhan.bhanuse)
Kiran Ghoble (https://www.facebook.com/kiran.ghoble)
Abin Chakkara (https://www.facebook.com/abin.chakkara)
Vitthal Jadhav (https://www.facebook.com/vitthal.jadhav.52459)
Harshit Kumar (https://www.facebook.com/pammu.kumar.9)
Manish Sharma (https://www.facebook.com/manishmontysharma)
Vivek Bhumkar (https://www.facebook.com/vivek.bhumkar.1)
Sopho Arakishvili (https://www.facebook.com/sopho.arakishvili)
Sunil Kumar (https://www.facebook.com/people/Sunil-Kumar/100004499886492)
Shahib Singh (https://www.facebook.com/shahib.singh.3)
Mita Das (https://www.facebook.com/mukta.das.583)
Sneha Sweet (https://www.facebook.com/sneha.sweet.5872)
Rakesh Biyani (https://www.facebook.com/rakesh.biyani.50)
Zura Arakishvili (https://www.facebook.com/zura.arakishvili)
Dalia Edith Pérez Castañeda (https://www.facebook.com/daliaperezxalapa)
Shivu Vicky (https://www.facebook.com/shivanands.langaatad)
Forgive To Forget (https://www.facebook.com/thuchoa.tran)
Amit Verma (https://www.facebook.com/people/Amit-Verma/100003237125978)
Khursheed Patel (https://www.facebook.com/khursheed.patel)
Munmun Guha (https://www.facebook.com/munmun.guha.71)
Krishna Nk (https://www.facebook.com/krishnamurthy.axn)
Debabrata Paul (https://www.facebook.com/debabrata.paul.505)
Leveny Pradas West (https://www.facebook.com/levywest)
Adele McLeod (https://www.facebook.com/adele.mcleod1)
Leonardo L. Canillas (https://www.facebook.com/virgilio.canillas.18)
Mahshid Rh (https://www.facebook.com/mahshid.rahimi.5)
Ajay Giri (https://www.facebook.com/ajay.giri.3517)
Sudha Bharti (https://www.facebook.com/sudha.bharti.98)
Mehrdad Rahimi (https://www.facebook.com/mehrdad.rahimi.12)
Sameer Sam (https://www.facebook.com/sameer.sam.31945243)
Crystal Flowers (https://www.facebook.com/1.psycho.pixie)
Vesna Nikolcov (https://www.facebook.com/vesna.nikolcov)
Ziba Rahimi (https://www.facebook.com/ziba.rahimi)
Mary Smith White (https://www.facebook.com/mary.s.white.79)
Kỉ Hà Băng (https://www.facebook.com/tathi.thuan)

Tagged without profiles:
Prashant Rammtake
Lawrence Luggionskky
Maria C. Lanza
Vìvék Yàdûwáñshí
Satendra Yadav

Getting the source

 git clone https://github.com/chokepoint/fbpic2id.git

 Limitations

Some results on Facebook are limited to users that aren't logged in. In order to get greater results, adding login capability to the script would likely yield more information. Another idea would be to combine this with Facebook Query Language (FQL) in order to scrape information on each owner and taggee. For more information about FQL scraping check out Blackhat Library

7 comments:

  1. I'm trying to figure out how to download it it my computer, or do you find the file owner from the thing online? The download of beautiful soup goes to a directory listing of tar.gz files. How do you open those?

    It's kind of complicated.

    ReplyDelete
    Replies
    1. http://graph.facebook.com/547409191984903/picture

      Delete
  2. I need to view this photo, can u help me buddy?
    https://www.facebook.com/photo.php?fbid=918073674933055&set=pcb.912102588869069&type=1&theater

    ReplyDelete
  3. Using this technique on http://SocialFeeds.Club/ too .. Works great! Thank you.

    ReplyDelete
  4. hello thanks for this interesting article;

    what does the other numbers means ? 044981? and 1858736086 ? in 044981_547409191984903_1858736086_n.jpg

    thanks so much for tha answer

    ReplyDelete