Amazon Users’ info Crawler
Another weekend and another crawler. This time it is not emails, but nonetheless interesting data from a big gadget store.
Surfing through the site for gadgets, I found that Amazon has some interesting Profile data about it's users such as location, date of birth, wish list, interested persons list, reviews done to gadgets, etc ...
Looking at the URL it was obvious that this could be automated to obtain most, if not the entire list of amazon users. As it turns out a simple Google search with
site:http://www.amazon.com/gp/pdp/profile/
Once I saw that, it was just a matter of writing a small script to harvest all the profiles out of Google and then parse each individual profile for useful information, as it is shown on the screenshot below where it is shows how simple is to gather information such as user location.
Once I had a proof of concept done. I started to think how could I use this data, besides the fact that is a simple info disclosure from the part of amazon.
As you might imagine I'm always on the hunt for new ways to improve ESearchy info gathering. I've reached a limit into how many emails or new persons I can easily get for free online. Because of these, lately, I have changed/expanded the searches from adding more persons to adding more detailed information about each individual target. First it was the profiling option on esearchy that searches within each users profile for other social networks, friends/co-workers, photos, or personal sites.
Having this now, I thought that we could expand the information to shopping information offered on the profiles, such as the wish list, the reviewed items --which is almost sure that they own such item--, etc ..
So what if we wanted to target each individual target, we could crawl the entire google results DB one and store that into an offline DB, and or look for a way to search for individual persons from this results. What if we take the persons name obtained from LinkedIn, Spoke, etc and add that to our Google Search parameter.
site:http://www.amazon.com/gp/pdp/profile/ Susan Emery
That will easily return only a few results for which we could use some kind of partial regular expresion with percentage for completeness and take a huge leap into saying that both persons are the same and that those are the times that he/she wants.
So there it goes, more possible useful information that will allow us to generate even better and more targeted attacks against a particular person.
Happy Hacking
Proof of Concept Code:
