Listen to this Post

Introduction:
Every time you share a link from platforms like TikTok, Instagram, or Google Drive, you may unknowingly embed a digital fingerprint that reveals your identity. ShareTrace is a powerful OSINT tool that extracts these hidden identifiers from share links across 12 major services—rebuilding functionality that was previously deleted and now adding fixes for modern platforms such as ChatGPT, , and Perplexity.
Learning Objectives:
- Understand how share links can leak user identity through tracking parameters and unique tokens.
- Deploy ShareTrace and manual OSINT techniques to de-anonymize shared content from 12+ platforms.
- Implement defensive measures to strip tracking identifiers and protect your own shared links.
You Should Know:
- ShareTrace Deep Dive: How It Works and Installation
ShareTrace exploits the fact that many platforms embed user-specific identifiers (like user IDs, session tokens, or referral codes) directly into share URLs. When someone clicks a shared link, the platform can trace it back to the original sharer. This tool automates the extraction and, in some cases, uses API lookups to reveal associated account names or emails.
Step‑by‑step guide to install and run ShareTrace:
Linux (Debian/Ubuntu):
Clone the rebuilt repository (replace with actual repo if public; use known fork) git clone https://github.com/username/ShareTrace.git verify actual URL from the LinkedIn post cd ShareTrace Install Python dependencies pip install -r requirements.txt Run the tool python sharetrace.py --url "https://tiktok.com/@example/video/123456789"
Windows (PowerShell with Python):
Ensure Python 3.8+ is installed git clone https://github.com/username/ShareTrace.git cd ShareTrace python -m pip install -r requirements.txt python sharetrace.py --url "https://discord.com/channels/123/456"
If the original repo is deleted, you can manually analyze share links using `curl` and regex:
Extract redirect chain and headers
curl -Ls -o /dev/null -w "%{url_effective}\n" -D headers.txt "https://lnkd.in/dXDxHhdT"
cat headers.txt | grep -i "location|set-cookie"
2. Platform‑Specific De‑Anonymization Techniques
Each platform encodes identity differently. Below are verified methods for extracting user info from share links:
TikTok:
Extract user ID from share URL curl -s "https://www.tiktok.com/@username/video/123456789" | grep -oP '"uniqueId":"\K[^"]+'
Instagram:
Use Instagram's oEmbed endpoint to get author data curl "https://api.instagram.com/oembed?url=https://www.instagram.com/p/Cxample/"
Google Drive:
Drive share links often contain the owner's email in metadata Use gdrive CLI or API gdrive info --id "1ABCDEFghijklmnop" | grep "Owner"
Discord:
Extract invite code and query Discord API curl "https://discord.com/api/v9/invites/abc123?with_counts=true"
Telegram:
Use Telegram Bot API to resolve t.me links curl "https://api.telegram.org/bot<YOUR_BOT_TOKEN>/getMe" Then parse share link redirect
3. Linux Command‑Line OSINT for Link Forensics
Manual analysis is critical when automated tools fail. Use these commands to trace share links and extract metadata:
Follow all redirects and show final URL
curl -L "https://lnkd.in/dXDxHhdT" -w "\nFinal URL: %{url_effective}\n"
Extract query parameters (potential user IDs)
echo "https://example.com/share?user=123&token=abc" | grep -oP '([?&][^=]+=\K[^&]+)'
Check for tracking pixels or hidden iframes
wget -q -O- "https://platform.com/share" | grep -E "img src=|iframe src="
Use `jq` to parse JSON APIs that return user info
curl -s "https://api.perplexity.ai/share?id=xyz123" | jq '.user_email'
Windows PowerShell equivalents:
Follow redirects (Invoke-WebRequest -Uri "https://lnkd.in/dXDxHhdT" -MaximumRedirection 0).Headers.Location Parse URL parameters $uri = "https://chat.openai.com/share?user=abc123"
4. Windows PowerShell Techniques for Link De‑Anonymization
PowerShell offers robust capabilities for analyzing share links without third-party tools:
Extract all URLs from a text file containing shares
Get-Content shares.txt | Select-String -Pattern 'https?://[^\s]+' | ForEach-Object {
$url = $<em>.Matches.Value
try {
$response = Invoke-WebRequest -Uri $url -Method Head -ErrorAction Stop
Write-Host "URL: $url -> Status: $($response.StatusCode)"
$response.Headers["Set-Cookie"] | ForEach-Object { Write-Host "Cookie: $</em>" }
} catch { Write-Host "Failed: $url" }
}
Decode Base64 parameters that might hide user IDs
$encoded = "dXNlcjoxMjM0NQ=="
Monitor clipboard for shared links and auto-analyze (real-time OSINT)
Add-Type -AssemblyName System.Windows.Forms
while ($true) {
$clip = [System.Windows.Forms.Clipboard]::GetText()
if ($clip -match 'https?://') {
Write-Host "New share link detected: $clip"
Call ShareTrace or custom analysis
}
Start-Sleep -Seconds 2
}
5. Protecting Your Own Shared Links from Tracing
To prevent your identity from being revealed when you share content, implement these hardening techniques:
Remove tracking parameters automatically (Linux/macOS):
Strip UTM and user-id parameters using sed echo "https://example.com/page?utm_source=twitter&user_id=123" | sed 's/?[^?]//'
Use a privacy-focused URL shortener (e.g., YOURLS with tracking disabled):
Install YOURLS locally and disable logging docker run -d -p 8080:80 -e YOURLS_SITE="https://short.link" -e YOURLS_HIDE_REFERRERS=true yourls
Create a redirect proxy with Apache/Nginx to strip headers:
nginx config to strip referrer and user-agent
location /proxy/ {
proxy_pass https://target-platform.com/;
proxy_set_header Referer "";
proxy_set_header User-Agent "PrivacyBot/1.0";
proxy_hide_header Set-Cookie;
}
Windows registry tweak to disable URL tracking in Edge/Chrome (group policy):
Disable hyperlink auditing (pingbacks) New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name "EnableHyperlinkAuditing" -Value 0 -PropertyType DWord
6. API Security Implications: How Platforms Leak Identity
Many platforms inadvertently expose user identity through poorly secured API endpoints. For example:
ChatGPT share links – Analyze the URL pattern:
ChatGPT share URLs like https://chat.openai.com/share/abc-123 The token may map to a conversation owner via internal API (requires auth) curl -H "Authorization: Bearer $OPENAI_API_KEY" "https://api.openai.com/v1/conversations/share/abc-123"
and Perplexity – Similar vulnerabilities exist:
Perplexity share endpoint (hypothetical but based on real patterns) curl "https://www.perplexity.ai/api/share_info?id=xyz" | jq '.owner_email'
Mitigation: Always implement rate limiting, token expiration, and require explicit consent before revealing owner details. For cloud hardening, use AWS WAF to block requests with suspicious share tokens:
AWS WAF rule to detect share link scraping aws wafv2 create-regex-pattern-set --name "ShareLinkScraping" --regular-expression-list "./share/."
- Mitigation and Ethical Use: Training for Blue Teams
Cybersecurity professionals should train to identify and mitigate share‑link leakage. Recommended training commands for lab environments:
Set up a honeypot share link to detect OSINT scanning:
Create a fake share link that logs all visitors (Python Flask)
from flask import Flask, request
app = Flask(<strong>name</strong>)
@app.route('/share/<id>')
def track(id):
with open('visitors.log', 'a') as f:
f.write(f"{request.remote_addr} - {request.headers.get('User-Agent')} - {id}\n")
return "Content not found", 404
Use ShareTrace ethically in penetration tests:
Only test links you own or have explicit permission to analyze python sharetrace.py --url "https://your-own-drive.google.com/share" --output report.json
Training course recommendation: Include modules on OSINT, API security, and privacy engineering. Use platforms like HackTheBox or TryHackMe rooms focused on information disclosure.
What Undercode Say:
- Share links are a massive blind spot in privacy—most users have no idea that clicking a “copy link” button also leaks their identity. Tools like ShareTrace demonstrate how trivial it is to de-anonymize shared content across mainstream platforms.
- Defensive strategies must evolve: URL shorteners, proxy redirects, and stripping tracking parameters should become standard practice for anyone sharing sensitive content. Organizations should audit their internal share link practices and implement WAF rules to block automated scraping attempts.
- The ethical line is clear: use these techniques for security research, bug bounties, and protecting your own privacy—never to harass or doxx individuals. As AI platforms like ChatGPT and become ubiquitous, their share link vulnerabilities will attract more attention from both researchers and malicious actors.
Prediction:
Within 18 months, major platforms will begin retrofitting their share link systems with ephemeral tokens that expire after first click or are tied to specific recipients, much like Signal’s “note to self” links. However, the cat-and-mouse game will intensify: OSINT tools will adapt by using browser automation to simulate legitimate clicks and capture identity before token expiry. Meanwhile, regulations like GDPR 17 (right to erasure) will force platforms to disclose what identifiers are embedded in share links, leading to a new wave of compliance tools. Ultimately, the future of sharing lies in decentralized, anonymous protocols (e.g., IPFS + OrbitDB) where the very concept of a “share link” no longer depends on a central authority that knows who you are.
▶️ Related Video (82% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Syed Muneeb – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


