DumpItBlue+: Extracting follower data, reactions and friend lists from Facebook
Before getting started with DumpItBlue+, it should be pointed out that this extension was introduced to us by one of our followers on LinkedIn after we had published our OSINT Workflow article discussing how to extract and visualise Facebook friend lists. Therefore, a special thank you goes out to him for contributing to the OSINT community!
Therefore, this OSINT Tool Review builds on our OSINT Workflow article by presenting an alternative tool that can be used effectively parse through Facebook friend lists. However, a challenge that is quite often encountered by many Digital Investigators and OSINT Analysts is when Facebook targets do not have a public friends list. In that event, Investigators rely on other methods that can be used to generate a possible friend list for that target. Such methods include parsing through comments and reactions that are visible on the target’s profile in addition to their so-called follower list.
DumpItBlue+ enables Investigators to efficiently and effectively parse through such data and present it to us in such a way that can be used to create the necessary Comma-Separated Value (CSV) lists and subsequent visual graphs. The extension itself comes equipped with several features:
- Flexible scrolling: This feature is far more effective when compared to other extensions such as ‘Webpage Auto Scrolldown’. With DumpItBlue+, the user can specify the type of window that it is required to scroll and adjust its behaviour accordingly. For example, the user can indicate that the page to scroll is a popup window containing a post’s likes / reactions or a Facebook Messenger contact list. Therefore, in the event that a Digital Investigator has conducted a Covert Internet Investigation and needs to export Facebook Messenger data to an effective analysis tool such as Paliscope YOSE, DumpItBlue+ provides this capability very easily. Additionally, the user can also specify a scrolling limit (by count or by date) – ensuring that the data that is collected is relevant to the investigation.
- Expanding: Here, the Investigator can specify whether DumpItBlue+ should expand on all posts, comments / replies and additional posts. Again, this feature is very useful as it saves a lot of time by ensuring that the Investigator does not have to manually click on each post / comment to reveal more potentially crucial information.
- Removing: This is also a handy feature that enables the Investigator to remove information that holds no real value from being displayed on the screen such as the Top Bar and Write Comment Boxes.
- Dumping: Undoubtedly, this is the feature we are most interested in. Here, DumpItBlue+ will parse through the target profile, extract it, and present it to us within a separate browser window. The data can then be transformed into a CSV list either by copying / pasting or by using another extension. The dumping feature is the most flexible extension-based data extraction tool by far. DumpItBlue+ enables the user to specify the target page and adjust its behaviour accordingly. Currently, it recognises friend lists, page contributors, newsfeed likes, mutual friend lists, group member lists, messenger contacts and image albums. The data that DumpItBlue+ extracts can then be used within a visual analysis tool. During our test, we used the highly powerful data analysis tool Paliscope YOSE.
Additional features offered by DumpItBlue+ includes the capability to isolate the scroll function to certain page types. Lastly, users can also input a time delay to ensure that investigative activity avoids being flagged by Facebook.
As for visualising the data extracted by DumpItBlue+, we opted to use the new YOSE beta version by Paliscope. Using multiple data extracts such as Facebook friend lists, group member lists and chat extracts, YOSE was able to present all of the data in a very smooth visual intelligence interface; the results of which were out-of-this-world! If you haven’t tried the products by Paliscope yet, then we certainly recommend doing so by contacting the team directly: email@example.com.