If you do a lot of web-based OSINT research like I do, you’ve most likely conducted username searches using a powerful tool like https://whatsmyname.app that scurry out onto hundreds of websites in search of profiles bearing the username you’re interested in. In doing so, you may have come across CashApp user pages that usually bear a few common things: a cashtag (username), a display name, and most of the time… a seemingly useless QR code.
Or is it?
You see, while it is the case sometimes that the account holder hasn’t actually populated a profile photo, and therefore just displays a QR code, recently I noticed that the web version of profiles seems to display QR codes even when a profile photo is actually present for the mobile version of the account. Finding the photo (if one exists) from the web is quite simple if you know to look for it, and I’ll give you 2 different ways of doing it…
Note for the extra tenacious investigators out there: While what I’m going to show you works on the CashApp website, the thought process and application may be something you find useful elsewhere in your work too. Be curious, and see where it leads you!
Option 1 – Get Your Hands Dirty
The first, and more manual way, is to go to a profile page like https://cash.app/$JaneDoe (I made this one up so we’re not actually showing someone real here), and drill down in the source code of the page to the place where the profile photo is hiding, should one exist. I’m going to explain this as a Chrome user by the way, and yes, I am well aware of all the “Chrome sucks!” drums that some people like to beat for anyone that will listen.
Start by right clicking somewhere on the QR code and selecting “Inspect” from the menu of options that appear. This will open your browsers developer tools so you can have a look under the hood. The line you’re dropped on will be just a few above the one you’re actually looking for. Look down a few lines for the words:
<div class="mobile-only">
Expand this section by clicking the little triangle to the left of the line and keep doing this for the subsequent drop-downs that appear until you see (if one exists for the profile you’re on) a line that reads:
<img src="https://____________________________________.jpgNow you can right click on the hyperlink for where the image is being delivered from in CashApp’s content delivery network (CDN), and open it in a new tab to view! Hovering over the hyperlink will show you a preview as well. It looks like this:
Great success!! (just kidding, I hated the movie Borat)
Option 2 – The Easy Button
I’m willing to be that several of you are smart cookies and probably thought of this second option as soon as you started reading the first one and saw “mobile-only”, but for the rest of us who just mash keys for a living, perhaps it wasn’t super obvious…
Open your developer tools using “Inspect” or a hotkey, then leverage that little icon near the top left corner of those developer tools to toggle your browser right on over to the mobile view. (This is something we use in OSINT all the time when we know that the display and/or functionality of a site will change to our benefit. I’m looking at you, Instagram follower lists!) Simply clicking that little button takes us right on over to the mobile view for CashApp and immediately confirms the presence of that image we’re looking for, without the need to invest our hard earned free time for the extra clicks!
Use this “mobile view” method first, and then take all the time you’ve saved to instead click share on this blog post. #shameless