Selected at MTV's Catfish TV series, in season 7, section 8, Grabify is a tracking link generator that makes it easy to catch an online catfish in a lie. With the ability to identify IP address, location, make and model for any device that opens on a smart disguised tracking link, Grabify can also identify information leaked behind a VPN.
Whether it's an online apartment ad that also seems great to be true or a person online you have a weird feeling about, identifying red flags can save a lot of trouble early on. If you live in Canada and an IP address in Africa lists the apartment you are checking out, you may not want to send a deposit.
The ability to verify details such as the original device, country or even time zone can prove incredibly useful for identifying whether a person is honest or not about the information they share about themselves online. In combination with information such as EXIF data, it is easy to compare a geotagged photo or the hard-coded device information in a file against the device that opens a Grabify tracking link.
To track someone with Grabify, first select a link that would be natural to send. Then you hide the link's character by appearing to be everything from a regular shortened link to a torrent or an image file. When the target clicks or moves on the link, you pick up the information as they pass through the link to the decoy.
What can you learn from a tracking link?
The type of information you can learn from a tracking link depends on the type of link you use. There are two types of tracking connections that Grabify can create; default is a lightweight and almost undetectable redirect to a decoy URL. This default option looks and works as a URL shorter, and the average person would not notice it.
From this type of link you can expect to get IP address, country, browser, operating system, host name and internet service provider. For someone who is shocked online, it alone may be enough to submit a police report or print charges.
If you want to use the advanced tracking link that Grabify offers, the goal will see a short redirect page that looks like this: [1
9659009] How to get an Internet Catfish with Grabify Tracking Links ” width=”532″ height=”532″ style=”max-width:532px;height:auto;”/>
Since the average user does not Would recognize this as something to be suspicious, it is usually safe to use when you need more information. Because we are doing a page this time, we can learn a lot more information about the user.
With the advanced tracking, we can see the battery level and whether the device is connected. We can see the manufacturer and model of the unit, internal IP address, time zone, screen size and also in which way the user keeps his device. This level of detail can be quite scary and can give you the upper edge to prove that someone is not true who they say they are.
For this attack on the job, we need to create a scenario where it is meaningful for the goal to click or tap a link. There are two different types of links we can send, one loads a false reference page that takes more information and the other is a simple through-link feeling that is less visible but records less information.
There are many ways to get the link to the goal and one is usually to leave the link in a chat or email in your account, which makes it look like the link is important or personal. If someone accesses your account and clicks or taps the link, you will immediately know.
In another scenario, you can trick someone into clicking or tapping a link by creating a reasonable context where sharing a link is meaningful. Usually, tactics like "Is this your profile?" with a link that goes back to their profile is least suspect, as shown in MTV's section Catfish .
Step 2: Creating a Tracking Address
The first step in tracking a goal with a Grabify link is to find a link you think your target would expect to receive. It should be somewhat strenuous when the goal ends at the URL, and it will serve as a protection for the tracking link you create. You want to pretend to send them an ordinary innocent URL-shortened version of any link you choose.
Navigate to grabify.link, and enter your URL in the submitted. Then click on "Create URL" and accept the terms for creating your link for URLs.
Grabify generates a tracking page, complete with a tracking link and interface with information about each time someone clicked or dropped the link. When you first start, it should be blank, although some URL shots use bots to preview the link you are shortening, and that data may show up.
Now that we have a functional tracking link, it is time to start looking like something our goal would click or tap.
Step 3: Shorten and Hide the Tracking Link
Grabify is not exactly a subtle URL name, so part of successfully getting your goal to click or click on a link gives a link that doesn't look like out of place. You can hide the link with any number of URL shorter, some of which are available directly in Grabify.
Below you can see the list of Grabify Support URL Mappers. Click "Show other link templates" next to Other links on the log page.
If the included card options do not suit your situation, you can always create a custom link that looks like an image file, GIF, CSV, HTML, Torrent or ISO -file.
Click either "Click Here" next to Select Domain Name or "Change Domain / Create a Custom Link" in the New URL check box on the "Extension" drop-down menu. You can make it look like you are sharing a file instead of a referral link, which can work better to trick the target into clicking or tapping the link.
In this custom link menu, there are also alternatives to another domain from one of those provided by Grabify, providing a custom path and providing a custom parameter.
Once you have created an abbreviated link or a custom URL disguise, you are ready to present it to the target. Once the target has clicked or lost the link, an entry will appear under the "Results" section of your log page.
Step 4: Interpret the tracking information
Now open your target link and see what you get. In the default configuration, you do not use a false reference page, so you do not get as much information as possible.
You should see a discovery on your management portal (you may need to update the page) and you can select it to view more details. As you can see in my example below, I have the essentials, such as the site, the IP address and the information provided by the internet provider and operating system.
To kick things up, you can activate the "Smart Logger" function by clicking on the switch on the web interface. The switch allows for a false tracking page that can extract much more information.
When "Smart Logger" is activated, open the link again and take a look at the registered information. This time you should see much more information.
This extra information can tell us a lot. For one, in my example, the internal IP address tells us that this person is probably connected to a VPN, because an ordinary local IP address would look like "192.168.0.2" or something similar. We can also see more information about the specific device that made the request, as well as screen size and browser extensions installed.
You also notice that you can learn if the battery is charging and what battery level is. It can allow you to track a person for a short period, with their battery level increasing either by charging or decreasing if not charged, which can uniquely identify the device. Another clear value is the language and time zone, which is often set by the system.
In some cases, we can see the manufacturer's brand and model which makes it possible to specify the hardware used by the target. Some of these data may be sufficient to change a catfish, either by revealing that they are in the wrong state or country, showing a different entity than the one used by the person in their (probably false) photos or by displaying a time zone as
Defeat Grabify Tracking
The track technology behind Grabify and other online trackers is powerful, but it's not impossible to defeat. Much of the information obtained by Grabify is from the user agent string, so with the help of browser extensions you can change your user agent string so that you can look like another type of device. With another user agent, you can hide much of your details from a Grabify tracking link. With the help of a VPN and browser extension, I could mask the country, the IP address and other information about my device.
What I couldn't change immediately was my time zone and language set by the system and was not affected by the VPN or browser add-ons. Since my internal IP address showed a VPN connection, it is likely that someone tracking me assumes my information is false except my time zone and language. What alone would limit my origin to the US and Canada, regret much of the hard work I put into faking my place and IP address. Because of these types of leaks, it is important to be aware of how links that Grabify tracks you on the internet and what kind of details can give you away.
I hope you had this guide using Grabify to generate tracking links! If you have any questions about this tutorial on catching catfish or if you have a comment, ask below or feel free to contact me on Twitter @ KodyKinzie .