Location tracking using Google Authenticator ID
- Go to https://docs.google.com/document/
- Create a document
- Click share and then click inspect element (Network Tab)
- Add a user with any email address. Don't send the invite
- Check the Network tab and inspect the network request for Fetch/XHR and search 'lookup'
- Scroll to the bottom and copy the 'X-Goog-Api-Key', also copy the autherisation: SAPISIDHASH (Headers tab)
- Edit the tampermonkey script in the files with the 'X-Goog-Api-Key' and SAPISIDHASH near the top of the file.
- Don't share these to anyone
- Then go to https://clients6.google.com
- Type in the email address
- Now you can go to google maps at https://www.google.com/maps/contrib/1234567/reviews Replace the number on the end with the extracted number from the email.
Thanks to https://github.com/pentestfunctions being the first person I seen do this.