New Version: Image Location & Privacy Scanner v0.4

I have completed another update of the Image Location & Privacy Scanner, a plugin for Burp or OWASP ZAP security proxy tools. More camera types have their serial numbers detected. With some Panasonic camera, it will also give the name and age of the person in the image using the camera’s facial recognition software. Talk about exposure. You can read the previous post on this software and the pptx presentation at this link.

Example Finding from Burp

Version 0.4 of the Image Location & Privacy Scanner software is already available in the Burp BApp Store App Store (Extender Tab). Just enable or update and images will be passively scanned. One of these days, I’ll get this update software into ZAP‘s alpha channel (v0.2 is there now). In either case, you can find the code on GitHub.

Send feedback as a GitHub bug report, via a tweet, or email.

Changes since v0.3

  • Updated to MetaData Extractor 2.10.1 & XMP Core 6.1.10
  • Some XMP support removed as XMP tags weren’t correct in some cases. Those tags will be introduced again in a future version
  • Removed legacy jar dependencies
  • Build process is now Gradle only, Makefile is dead
  • Added display of camera serial numbers for Leica, Reconyx Hyper Fire, Reconyx Ultra Fire
  • Now shows name and age of facial recognition in Panasonic cameras

Command Line Example

Facial detection of “Niels” with his age.

If running the Image Location & Privacy Scanner from the command line outside of Burp or ZAP, the output might look something like this.