This guide will demonstrate how OSINT practitioners can conduct Research and Investigations on TikTok, to identify users and extract data suitable for evidential presentation. I will be demonstrating solutions utilising both TikTok and sites using the TikTok API, as well as additional sources to present Intelligence. At the end of the guide, you will know how to extract user data, profile pictures, videos and who has commented on videos, as well as a user's network (who follows them and who they follow).
Locating a Profile by Username
To present Intelligence from TikTok, you will first have to locate a relevant user profile. This can be done via a few methods. If you already have Intelligence that provides you with a TikTok username, then this is easy. Simply enter in the URL: https://www.tiktok.com/@Username. For this demonstration, this could be https://www.tiktok.com/@terrycrews to link directly to the profile of Terry Crews. Alternatively, if you need to find a user without their Username, then you can search via the API on one of the two options explained below.
Extracting User Data
Once on a User Profile, you can see a Nickname, the large text stating “Terry Crews”; the user ID, here showing “@terrycrews” and a potential Verified Badge, if the user is recognised by TikTok as a verified user. You will also see the number of followers, followings and hearts given, which represent how many ‘likes’ a user has received in total for their videos. However, these numbers are rounded when displayed on a profile. Finally, you can see a signature, which shows that Terry loves Yoghurt. When presenting data evidentially, it’s best to always demonstrate data as exact as you can be. It is possible to see the exact figures from TikTok by looking at the page source. Type Ctrl + U or right-click on the page and click “View Page Source”.
In a similar way to Facebook, each user has an ID, which can sometimes be seen in a URL or alternatively a Username or Vanity Name can be seen instead. The Username is what is seen in the URL for Terry Crews. However, this does not mean that Terry no longer has a User ID. Using Ctrl + F in the “View Page Source” window, we can search for “userId”. This will show us any users User ID number. For Terry, this is shown below as "userId":"6746264168812659717". Following this, you can also see the Username, Unique ID, signature, etc.
As well as the User ID’s you can also see the number of followers, following, as well as the number of hearts and videos. Here though, the number is exact and not rounded. This is the data that should be used evidentially, along with stating the date this infomration was found.
Extracting a Profile Picture
Subject profiles or dossiers should always include a picture of the subject where available. If TikTok is your primary source of an image, then you want to be able to extract a full-size image. To do this right-click on the image and click “Inspect”. Alternatively, Ctrl + Shift + U will also open up the same new sub-window called Dev Tools. Dev tools will open directly in Elements. By clicking on the image first, this should highlight the profile image as the Element we want. We can Copy this and we will be presented with text such as “<div class="_user_header_cover" style="background-image:url(https://p16.muscdn.com/img/musically-maliva-obj/1647764540602374~c5_720x720.jpeg)"></div>”. Extracting the URL "https://p16.muscdn.com/img/musically-maliva-obj/1647764540602374~c5_720x720.jpeg" will show us the full size profile picture. This URL is what you will want to include as a Source of the image in any subject profile or dossier. A full-size Image is also much better for Reverse Image searching. So searching this URL via Yandex or Google images will bring back a much better result than any smaller representation of the image.
Extracting comments and users who have commented on a video.
To extract comments or the names of individuals who have commented on a video posted on TikTok, you need to identify your video. Open up Dev Tools again, as instructed above via right-click and selecting “Inspect” or Ctrl + Shift + U. Once in this sub-window, you need to select “Network" along the top, rather than Elements. Now you need to open your target video by clicking on it.
Within the Network results, some fields will appear when you open the video. The one starting "list?id" is the result that we are looking for. Clicking on this option will open up a new window with 5 options along the top from Headers to Timing. If you select the Response option you will see some text. You need to select all of this text and copy it.
The copied text can be pasted anywhere for you to read it, however, with a Github tool called Cyber Chef, we can make it much easier to read. Firstly, open up https://gchq.github.io/CyberChef/ and on the left-hand side under Operations search JSON Beautify, which you can select by double-clicking or dragging to Recipe. By pasting the copied text into Input, the Output box will automatically be updated with clearer text. Scrolling down through the Output you will see User Id's for each person that commented on the video, followed by their name, nickname and comment.
You will also see a timestamp, shown in the above image for SeanDoesMagic as "1572454292". This does not necessarily make obvious sense as a time stamp. However, this is a UNIX timestamp. If you wish to show this evidentially you will need to translate this to a more clear number format, which you can also do within Cyber Chef. You need to replace JSON Beautify in the Recipe section with From Unix Timestamp. Pasting the timestamp into the Input box will show you the UTC conversion.
Finding a User and Extracting a Video
The website https://tiktokapi.ga/ allows you to search TikTok via the API. This allows you to search TikTok users by name, search by hashtags linked to videos and to view videos. The most difficult part of this site is getting past the Captcha, which unfortunately always takes me multiple attempts. You can log in via the Anon Mode option, to save you having to create an account and maintain your anonymity.
This site is great for locating a user if you don't know their handle/ Username. Selecting User Search in the left-hand menu allows you to search via any name. Searching for "Terry Crews" not only brings back the verified profile but any others with "Terry Crews" within their Username.
You can download a TikTok video from multiple sites, such as sites like Youtube Downloader. However, it's bad practice to use these sites evidentially, as you can't explain the process for downloading the video as you haven't done it yourself. However, you can download any video found on https://tiktokapi.ga/ for yourself. First, right-click and select Inspect. You may notice here that you can't save directly as a video, only as an Image. Much like when downloading the profile picture, opening Dev Tools via the video will open it showing the video section of the page highlighted. Scroll up very slightly until you see a long URL, it should start "videolink="http://v19.tiktokcdn.com".
Highlight and copy this text and it will contain a URL for the video. From the pasted result, extract the URL and past it into your window. This will take you to a web-page featuring just the video you want. You can now right-click on the video and save it directly to your computer. This URL is the one that you will need to present in your written report as your Source.
Extract followers and followings
Finally, you may want to know who a user Follows or who is Following them. The easiest way to do this is via https://vidnice.com/. The search bar allows you to search for users or hashtags in a similar way to https://tiktokapi.ga, so is a great alternative for discovering users and doesn't have the tricky Captcha. The standout feature of Vidnice though is discovering the network of individuals linked to a user. Along the top of any selected profile, it shows the number of followers and followings.
Selecting one of these options will show you who the user follows and who follows them. From https://www.tiktok.com/@terrycrews, all we can see is that Terry follows 4 users. However, from https://vidnice.com/ we can see which 4 users Terry follows. You can now record these names in any report or profile that you create for your investigation. If you need to record a large number of individuals within a network you can use an Add-on to export all links within the page, as explained within my OSINT course.
Conclusion
You're now in a position where you can successfully locate a user via TikTok and extract their profile picture in full size, any videos, comments on a video as well as who has commented, exact numbers of hearts and followers, and all of the individuals in their network. You also know how to present this data evidentially as well as how to explain the processes that you've learned.
To learn more OSINT techniques, check out my Udemy course Open-Source Intelligence (OSINT) - Tools & Techniques at https://www.udemy.com/course/osint-tools-techniques/?referralCode=BD7DF4109D30E50B9BDD.
