Doxing is the act of finding one's personal information through research and discovery, with little to no information to start with. You may have seen doxing in the news, for instance when not so long ago, hacker team Anonymous doxed and reported thousands of twitter accounts related to ISIS. Doxing can be useful for finding the address of a coworker, or simply investigating people on the internet. The tutorial I will provide to you now will teach you the basics of doxing and how you can protect yourself against malicious people on the internet.
The thing about doxing that makes it a skill is that you must be prepared for many different situations, as no two people will have their social profile setup in the same exact way. You must be prepared to only have the resources of a name, email, username, or even phone number to find out all of the other information about a person. If you have an email, you are all set. An email is connected to social media (names) work (phone numbers) and accounts (information about the person). If you don't have an email, you should have a basic goal to get one, or at least a name...but for the sake of this tutorial, I will break up each step for a different scenario.
Usernames are extremely difficult to make connections with. If you have a username you can use some websites that I will provide to see other accounts and profiles connected to those usernames. These websites are not always correct, but you should check with a couple of them before proceeding to mark down information about a person.
My personal favorite place to start is pipl.com.
Pipl is a good place to start if you only have a username. Though pipl has the capability to search with emails and names, I would use some other sites that I will show later in the tutorial that specialize in those. Pipl should definitely not be your #1 go to site for doxing. For the sake of this tutorial, I will show you an example of what would come up when I search for null byte.
As you can see here, pipl pulls up some pictures of null byte, as well as some social media accounts connected to Null Byte. Some other sites that do the same thing as pipl, if not better, are spokeo.com and knowem.com. Now you're on a roll. From here we can talk about our social media pages.
Our social media pages are a huge source of personal information. From our social media pages, we can define our friends, family, best friends, locations, possibly phone numbers, photos of the person, and even information about the person's work. If you have somebody's social media page as a start, you can find out things like their address easily, even if they are under the age of 18. How? Well, with social media we can find out the city of the person, as well as some family members. From there we can use some websites I will show later in the tutorial to find addresses. Let's look at a random Facebook page and see what we can find.
Here we have the Facebook page of a man named John Smith. I don't know John, but I can still take massive amounts of information from his Facebook page.
For instance, from his about page, I can see the city he lives in, as well as the school he went to.
From John's about page, I can see that he lives in Monterey, California, and he went to Harvard-Westlake School. You don't know it now, but this will give us an even more massive amount of information later. Like addresses. This is where the tutorial gets interesting, so keep your ears on your head and listen up!
Now this is where we cross the line between the internet, and the real world. Taking information from the internet, and finding out where it is in real life. To find addresses, we will use the name, John Smith, that we investigated on Facebook. We will use a website called White Pages (whitepages.com) to look up this name and see what addresses are connected to it.
In our white pages search box, we put the name as John Smith, and the location as Monterey, California, as found on John's Facebook profile.
This was the result:
When we click on the little address icon, it will open a page with the address of Mr. Smith. I have edited out the actual credentials of Mr. Smith for his safety but here is a little picture of the surrounding page.
Here is the page that appears when you click the icon. I have edited out the age, picture of location, and address for the safety of John Smith.
Congratulations! You have learned the core basics of doxing and are ready to go out into the world with your new skills! I encourage all of my readers to use the information I have given you to protect your online identity. Don't post your city on Facebook and try not to post anything you don't want the internet to see. Make sure your usernames are not always the same and stay on your toes! Thank you so much for reading this article and please comment if you have any questions! :D
Want to help support Null Byte and start making your own money as a white hat hacker? Jump start your White-Hat Hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from Ethical Hacking Professionals.