Week in OSINT #2024-22
Besides the usual interview, exercise and geolocation article, I need to address an important situation regarding the future of Chrome extensions
This week a major part of this episode has to do with an important change that is coming up, the phase-out of older extensions, due to major changes within the Chromium based browsers. I have taken it upon myself to start creating a list of extensions that might stop working once this change is pushed, and a link to that list can be found here.
Overview
- Sofia Santos' #27
- Hunted's Hickman
- Geolocating a Gang Leader
- Phase-out of Manifest V2
Training: Sofia Santos' #27
Sofia Santos [ ] created yet another OSINT exercise, and it is number 27 already! This one is for the beginners within the field of open source investigations, and can be solved rather easily with the right searches. What I love about these exercises, is that she mentions how difficult the questions are for beginners, and for seasoned investigators. And to check your findings, she also posts a 'walkthrough' on YouTube right away, explaining how it can be solved. This way you learn how the thought process within open source investigations work, and can learn how to pivot from one finding to another.
Link: https://gralhix.com/osint-exercise-027/
Media: Hunted's Hickman
The show Hunted has been running for several years in the UK and other countries. Even though a lot of the techniques used are sped up for the show, all required legal paperwork is removed, and based on the Dutch episodes I saw some years ago, legal warrants are given fairly easily. But still, a lot of the techniques portrayed in the show are real. In that way, it does give a good insight in how law enforcement, or investigative bureaus work. In this interview, Daisy Hickman [] is being interviewed on Baker's Chatcast about her career, and her experiences in Hunted.
Link: https://www.youtube.com/watch?v=nups_uNcx6Y
Article: Geolocating a Gang Leader
Benjamin Strick [ ] has been scrutinizing a CCN interview with a Haitian gang leader, and has been able to find the exact location where the interview took place. Even though the location might have been known by law enforcement already, the article shows how he worked, step-by-step, to find the actual house. And since Haiti doesn't have street view, nor does it have a lot of third party captured imagery, most will have to be done via satellite imagery. Another great example how geolocation of video or images can be done, with some basic tools, and enough perseverance.
Link: https://link.medium.com/OQvjy7na4Jb
News: Phase-out of Manifest V2
An important change within Chromium based browsers is about to start very soon, the phase-out of the so-called "Manifest V2" extensions. A manifest is a framework for extensions, and has been in use for many years already, despite some security issues that could occur due to its nature. The V3 is already active, and is in use by a lot of extensions already, but this might change very soon. One of the biggest changes could be that ad-blockers won't be as effective, due to the fact that updates in the list of domains will go through the Chrome web store, and have to be approved first, while it now is done by the extension itself in the background, sometimes several times a day. But there are also other
Examples of Chromium based extensions that still use Manifest 2, and that I have installed myself, are:
- GHunt Companion
- JSON Viewer
- Map Switcher
- OldTweetdeck
- Tampermonkey
- uBlock Origin
- User-Agent Switcher and Manager
As you can see, there are some well known extensions on that list, and it is very well possible that certain extensions will stop working all together in the near future. This means that new extensions will have to be developed, workarounds need to be found, or maybe even switch to a different browser. One possibility is to test out Thorium. There has been requests to keep the support for Manifest V2 for several years within the Thorium community, and the developer has mentioned more than once he will do his best to delay the phase-out as long as possible, until the code is fully removed from Chromium.
Brave Browser isn't a solution either, since they will also start implementing the change very soon. The only advantage with the Brave Browser is, that they have their built-in Ad Blocker. But if blocking advertisements is your only concern, you might as well look at completely different options, in my opinion!
So what will this mean for open source investigators, that rely heavily on extensions within their browser? Well, you can always switch to Firefox, because after some quick searching, I have found no mention of Firefox dropping the support of Manifest V2. The only problem is, that Hunchly will not work in Firefox, so if you really need Hunchly, you are out of luck and might need to use two separate browsers, and only capture half the pages you visit.
While writing this section, I did some checking, but life of course take unexpected turns, so I spent half a day cleaning up the kitchen after a blocked drain. But when I went over some notes, I did find some positive news after all. Because it seems that the beta version of Tampermonkey runs okay with some user scripts that I have installed. And within the release notes of Chrome 124 Enterprise and Education, I read that another beta version, of a User-Agent Switcher, is also update to Manifest V3. It is still possible that certain extensions will break, or stop working, but
For now, I will be actively looking for solutions, or replacement extensions, to fill certain gaps. Do feel free to share good alternatives for browsers, or extensions, with the community so we can help each other out!
Link: List with extensions.
Link: https://blog.chromium.org/2024/05/...
FUNINT: This Week's Meme
I already added the meme for this week, well before I remembered I needed to add a section about the disappearance of Manifest V2 from Chrome... Not sure whether the outcome will be as catastrophic as this meme depicts, but I guess we'll find out!
Have a good week and have a good search!
