How Clubhouse user scraping and social graphs

Intro

  • Corporate email
  • LinkedIn
  • Facebook

Clubhouse? What?!

  • Huge popularity
  • Users mostly sign up with their real names, photos, and links to other social media
  • It’s quite easy to get into a room with interesting people, who are often hard to reach through traditional channels like email, LinkedIn, etc.
  • Our experience tells us that people are suspicious of cold emails with attachments and don’t open them. But in the context of an informal social platform, they seem to be less alert, which is good for a red team.
  1. Sign up in Clubhouse
  2. Find our target in Clubhouse
  3. Wait until they participate in a room as a speaker
  4. Join the room
  5. Try to engage them in a conversation. Get them interested and move the conversation over to email
  6. Send them an email with the attachment and payload
  7. The target opens our docx
  8. Profit!

First troubles

This is the way!

  1. Find any X corp employee
  2. Get their list of followers and their accounts
  3. Get the list of users they follow and their accounts
  4. Get the lists of users of the clubs these accounts are in
  5. Filter all these users by “X corp” in the About profile section
  6. Make social graphs to find our target in someone’s connections
  • invitation chains (down to the first Clubhouse users)
  • “following” connections
  • “follower” connections
{
  "user_profile": {
    "user_id": 4,
    "name": "Rohan Seth",
    "displayname": "",
    "photo_url": "https://clubhouseprod.s3.amazonaws.com:443/4_b471abef-7c14-43af-999a-6ecd1dd1709c",
    "username": "rohan",
    "bio": "Cofounder at Clubhouse ?? (this app!) and Lydian Accelerator ? (non profit for fixing genetic diseases)",
    "twitter": "rohanseth",
    "instagram": "None",
    "num_followers": 5502888,
    "num_following": 636,
    "time_created": "2020-03-17T07:51:28.085566+00:00",
    "follows_me": false,
    "is_blocked_by_network": false,
    "mutual_follows_count": 0,
    "mutual_follows": [],
    "notification_type": 3,
    "invited_by_user_profile": "None",
    "invited_by_club": "None",
    "clubs": [],
    "url": "https://www.joinclubhouse.com/@rohan",
    "can_receive_direct_payment": true,
    "direct_payment_fee_rate": 0.029,
    "direct_payment_fee_fixed": 0.3
  },
  "success": true
}
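The two graph operations from the procedure above, step 5 (filter by employer keyword in the bio) and step 6 (invitation chains back to the first Clubhouse users), as an added example working over constructed profile records shaped like the user_profile object above; this is not the clubhouse-graphs.py code from the post. It assumes that when invited_by_user_profile is not the string "None" it is a nested object carrying user_id and name, and it deliberately handles the two ways a chain walk breaks on collected data: an inviter that was never collected and a cycle in bad data.

```python
import re


def _rec(uid, name, bio, inviter=None):
    """Minimal record in the shape of the user_profile JSON above (assumed nested inviter shape)."""
    return {"user_id": uid, "name": name, "bio": bio,
            "invited_by_user_profile": inviter if inviter else "None"}


SAMPLE_PROFILES = [  # constructed data, not real Clubhouse users
    _rec(1, "Alice Root", "Early adopter"),
    _rec(2, "Bob Builder", "Engineer at X corp", {"user_id": 1, "name": "Alice Root"}),
    _rec(3, "Carol Coder", "ex-X Corp, now freelance", {"user_id": 2, "name": "Bob Builder"}),
    _rec(4, "Dave Dev", "PM @ Ycorp", {"user_id": 3, "name": "Carol Coder"}),
    _rec(5, "Eve Loop", "", {"user_id": 6, "name": "Frank Loop"}),   # bad data: 5 <-> 6 cycle
    _rec(6, "Frank Loop", "", {"user_id": 5, "name": "Eve Loop"}),
    _rec(7, "Grace Gap", "", {"user_id": 99, "name": "Not Collected"}),  # inviter never collected
]


def index_by_id(profiles):
    """Map user_id -> record so every hop of a chain walk is a dict lookup."""
    return {p["user_id"]: p for p in profiles}


def inviter_of(profile):
    """Nested inviter record, or None when the API encodes 'no inviter' as the string "None"."""
    inv = profile.get("invited_by_user_profile")
    return inv if isinstance(inv, dict) else None


def invite_chain(profiles_by_id, user_id):
    """Walk invited_by links from user_id towards the first users.
    Returns (invitee, inviter) hops in the order the post prints them.
    Stops at a root, at an inviter missing from the dataset, or on a cycle."""
    hops, seen = [], set()
    current = profiles_by_id.get(user_id)
    while current is not None and current["user_id"] not in seen:
        seen.add(current["user_id"])
        inviter = inviter_of(current)
        if inviter is None:
            break
        hops.append((current["name"], inviter["name"]))
        current = profiles_by_id.get(inviter["user_id"])  # None if not collected
    return hops


def format_chain(hops):
    """Render hops like Example 4: 'Kevin Mitnick<--Maite Robles'."""
    return [f"{invitee}<--{inviter}" for invitee, inviter in hops]


def find_by_bio(profiles, keyword):
    """Case-insensitive whole-word match on the bio field (step 5 / Example 3)."""
    pattern = re.compile(r"\b" + re.escape(keyword) + r"\b", re.IGNORECASE)
    return [p for p in profiles if pattern.search(p.get("bio") or "")]
```

Run against a real export, the bio filter shows how many current and former employees an organisation exposes through one free-text field, which is the point of the second takeaway.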

Example 1. Get the information about the user chipik and all of their followers and followed the accounts.

~python3 clubhouse-graphs.py -u chipik --followers --following
|------------|-----------|-------------|--------------------------------------------------------------------------------------------|----------|------------------------|---------|-----------|-----------|-----------|------------|-----------------|
| user_id | name | displayname | photo_url | username | bio | twitter | instagram | followers | following | invited by | invited by name |
|------------|-----------|-------------|--------------------------------------------------------------------------------------------|----------|------------------------|---------|-----------|-----------|-----------|------------|-----------------|
| 1964245387 | Dmitry Ch | | https://clubhouseprod.s3.amazonaws.com:443/1964245387_428c3161-1d0e-456e-b2a7-66f82b143094 | chipik | - hacker | _chipik | | 110 | 96 | 854045411 | Al Fova |
| | | | | | - researcher | | | | | | |
| | | | | | - speaker | | | | | | |
| | | | | | | | | | | | |
| | | | | | Do things at hexway.io | | | | | | |
| | | | | | tg: @chpkk | | | | | | |
|------------|-----------|-------------|--------------------------------------------------------------------------------------------|----------|------------------------|---------|-----------|-----------|-----------|------------|-----------------|

Example 2. Get the list of the participants of “Cybersecurity Club”

~python3 clubhouse-graphs.py --group 444701692
[INFO ] Getting info about group Cybersecurity Club
[INFO ] Adding member: 1/750
[INFO ] Adding member: 2/750
...
[INFO ] Adding member: 749/750
Done!
Check file ch-group-444701692.html with group's users graph

Example 3. Find all users who allegedly work or worked at WIRED magazine, together with their followers and the accounts they follow.

~python3 clubhouse-graphs.py --find_by_bio wired
[INFO ] Searching users with wired in bio
[INFO ] Adding 1/100
[INFO ] Adding 2/100
...
[INFO ] Adding 100/100
Done!
Find graph in ch-search-wired.html file

Example 4. Clubhouse invitation chain

~ python3 clubhouse-graphs.py -I kevinmitnick
[INFO ] Getting invite graph for user kevinmitnick
Kevin Mitnick<--Maite Robles
Maite Robles<--Roni Broyde
Roni Broyde<--Alex Eick
Alex Eick<--Summer Elsayed
Summer Elsayed<--Dena Mekawi
Dena Mekawi<--Eric Parker
Eric Parker<--Global Mogul Chale
Kojo Terry Oppong<--Shaka Senghor
Shaka Senghor<--Andrew Chen
Done! Find graph in ch-invitechain-kevinmitnick.html file

Results

Takeaways

  • Do not limit yourself to “standard” social engineering channels.
  • Be careful with the information you put out on social media, especially if it concerns your current or previous employment.
  • Most likely, the popularity of Clubhouse has passed. But there are still a lot of users with real data that can be scraped easily. That makes us think that someone may already have collected a database of Clubhouse users, and some time later it may end up leaked.

Hexway
A platform for pentest management and collaboration