OSINT Toolbox Talk: Investigating Minecraft users and extracting company employee data from LinkedIn

OSINT Tool Review

Masquerading your online activity with Chaff


Masquerading your online activity with Chaff Masquerading your online activity with Chaff https://chrome.google.com/webstore/detail/chaff/jgjhamliocfhehbocekgcddfjpgdjnje/related

For the more Operational Security (OPSEC) aware Digital Investigators and OSINT Analysts, ‘Chaff’ is an effective Google Chrome-based extension that can add a layer of security through obscurity towards a digital investigation. Chaff’s is designed to make your network activity data less useful and deceive packet sniffers that may be monitoring your browsing behaviour. It does this by creating ‘fake’ network traffic within a single Google Chrome browser and redirect across various web pages. Essentially, this makes your internet browsing activity look less specific and disguise your activity amongst automatically-generated page visits.

Understandably, there may be concerns with regards to Chaff’s behaviour and the range of websites that it will redirect to. For added assurance, users can define the seed URLs for the extension to visit and also allow users to select one or more search engines that Chaff should use when searching for random phrases. The range of search engines includes Duck Duck Go, Google, Bing and Yahoo.

Additionally, users can direct Chaff to loop through bookmarks – this is relatively useful for Digital Investigators as they can build a range of seed URLs that appear more deceptively convincing rather than being completely random.┬áLastly, users can fine-tune the extension’s behaviour to match their browsing behaviour. The tuning capabilities that Chaff offers include:

  • Altering the browsing speed by applying a maximum time between clicks
  • Adjusting the length of search phrases which are based on existing phrases found from seed sources
  • Set the maximum page load timeout – the time that Chaff will wait for a page to load
  • Applying the site depth by specifying the maximum number of pages that Chaff will visit on a particular seed URL during a single session
  • Set the total depth of a single Chaff session

For what it is and the capabilities it provides, Chaff is quite an effective tool that Digital Investigators and OSINT Analysts may consider should they need to apply an additional layer of security to their investigations. Whilst it can be argued that any digital investigations environment should have been prepared to an extent that significantly minimises the threat from packet sniffing; it may be the case that investigations taking place in lesser-secure environments will benefit from the capabilities that Chaff provides.


Let's talk today Are you ready to begin discussing our range of training and capability development solutions?