Sitting around and most certainly not using it for what you think I am, I put together two quick scripts to test hotlink protection. Typically, hotlink protect just checks for the client’s referer in the header, which should be the primary domain for the site. Anything other than that as a referer and the client gets redirected to some banal page saying not to hotlink. So let’s put together a scripts in Bash and Python. *yes, the files I was looking at were only padded one place
Python version
#!/usr/bin/python
import sys, urllib2
#ugly argument format: http://site.com /path/to/image 34 .extension
siteUrl = sys.argv[1]
dirUrl = sys.argv[2]
fileNum = int(sys.argv[3])
fileExt = sys.argv[4]
for i in range(fileNum):
print siteUrl + dirUrl + str(i+1).zfill(2) + fileExt #print the filename
req = urllib2.Request(siteUrl + dirUrl + str(i+1).zfill(2) + fileExt)
req.add_header('Referer', siteUrl) #add our local referer
try:
a = urllib2.urlopen(req)
except urllib2.URLError, e:
if e.code == 404: #make sure the file exists
continue
else:
#success, save the file
f = open(str(i+1).zfill(2) + fileExt, "wb")
f.write(a.read())
f.close()
Bash version
#!/bin/sh
BASE=$1
DIR=$2
NUM=$3
EXT=$4
for ((i=1; i<=$NUM; i++));
do
wget --referer=$BASE $BASE$DIR`printf %02d $i`$EXT
done