gallery-dl icon indicating copy to clipboard operation
gallery-dl copied to clipboard
verified publisher icon mikf

[Site Request] leakedzone

Open raihanirfan opened this issue 6 months ago • 14 comments

https://leakedzone.com/

hi can you add this website. thanks

raihanirfan avatar Jun 14 '25 02:06 raihanirfan

Please could anyone make a plugin for this website?

nightcrawlereto avatar Jun 30 '25 00:06 nightcrawlereto

Mikf, how do I make a plugin for this? Do I just make the python code and drop it in the extractor folder and gallery-dl would just load the python code or do I have to do something else?

zone559 avatar Jul 22 '25 02:07 zone559

You can drop an extractor module file in a folder and use -X, --extractors PATH or extractor.module-sources to load it when running gallery-dl.

To add native support, you should run scripts/init.py and use the files it creates / modifies.

python scripts/init.py leakedzone https://leakedzone.com/

mikf avatar Jul 22 '25 04:07 mikf

Mikf

I was able to scrape JSON data for user profile, but I was not able to download pictures or video, it seem like images and video url might need signature on them which is beyond my scraping abilities.

https://gist.github.com/zone559/f9c1491739d42bacf9e53a674e978643

example json data

Picture:

{ "id": 1229661, "slug": "1f1a3766a38eb21b501c8f1c1770e7a1", "status": 6, "image": "images/2965/1229661/1f1a3766a38eb21b501c8f1c1770e7a1.jpg", "banner": null, "stream_url": null, "published_date": "2022-03-31 05:10:00", "origin_url": "/leak-completed/1f1a3766a38eb21b501c8f1c1770e7a1.jpg", "model_id": 2965, "created_at": "2022-03-31T05:10:00.000000Z", "updated_at": "2025-07-05T20:00:13.000000Z", "count_views": 35256, "type": 0, "guid": null, "server": 0, "info": null, "thumbnail": "https://image-cdn.leakedzone.com/storage/images/2965/1229661/1f1a3766a38eb21b501c8f1c1770e7a1_300.jpg", "stream_url_play": "", "get_id": 1229661 }

Video:

{ "id": 1838096, "slug": "57ebc064264e5846285536444cc1e16e", "status": 6, "image": "2965/1838096/preview.webp", "banner": "2965/1838096/thumbnail.jpg", "stream_url": "sdb56/leak/2965/1838096/index.m3u8", "published_date": "2022-05-24 16:10:18", "origin_url": "/leak-completed/videos/57ebc064264e5846285536444cc1e16e.mp4", "model_id": 2965, "created_at": "2022-05-24T16:09:42.000000Z", "updated_at": "2025-07-16T10:47:52.000000Z", "count_views": 35134, "type": 1, "guid": "79b62a63-6be7-493b-8b66-1f74325c8886", "server": 12, "info": { "can_dl": 2 }, "thumbnail": "https://image-cdn.leakedzone.com/storage/images/2965/1838096/thumbnail_300.jpg", "stream_url_play": "VSRVp0lMunlAT1H6sJHTaJkMMtkdnpFe2QURw1jMnl2cmEmNhJmY2UTYycjZwczMxAjM2czN3IWMxcTY2MzNhJmMyEWOxcDZxATYhZGOjJzY0ImM5EDZ1YmYyYmY0UTYiZTPnl2cmYDNykzMyMTN3ETPl1Wa09DO1NTbuYTOwgzM4EzL4U3Mt9SbvNmLl52b6RWZrFWZs9yL6MHc0RHaRotVg2USNNK8mVLG", "get_id": 1838096 },

zone559 avatar Jul 23 '25 01:07 zone559

Image URLs are just

f"https://image-cdn.leakedzone.com/storage/{image}"

it seems, so https://image-cdn.leakedzone.com/storage/images/2965/1229661/1f1a3766a38eb21b501c8f1c1770e7a1.jpg for your example.

Video URLs and their signature are indeed a lot more complicated. The player uses JW Player 8.26.0, so maybe there's some code out there to "decrypt" and sign its URLs.

mikf avatar Jul 23 '25 08:07 mikf

The f("...") return value for file yields the full, signed URL:

              playerInstance.setup({
                advertising: advertising,
                file: f("wTrshX8NdWEm7tBH==gUohkbVJkMSpHZ3FlaWR3S9IzZpNnJkdjZ5UmYxQzN3QWOxQDMllzMjlTMmJTOlVzYjFmYkFTOldjYxQWMhljYiBDZ1UGN1MjYzIjM3Y2MkRWOzQGZ40zZpNnJ4cTOzYjMzUzNx0TZtlGd/gTdz0mLxkTM1MTM4EzL4U3Mt9SbvNmLl52b6RWZrFWZs9yL6MHc0RHaGInbmaoQuSZoJUAK"),
                width: '100%',
                preload: 'metadata',
                aspectratio: '16:9',
                autostart: true,
              });

https://leakedzone.com/lillienue/video/18135191
https://leakedzone.com/m3u8/18135191.m3u8?time=1753263978&sig=8dd39dd3f7223b354e5d0bb9a1d1b7e91dbacc5e92f19c39e0419d7741be9f7d&sig2=KtVjQwdzR2BUnHhR

We just need to figure out what f() does,

mikf avatar Jul 23 '25 08:07 mikf

What I found out, idk if its helpful,

Video Player Script Source: https://ssl.p.jwpcdn.com/player/v/8.26.0/provider.hlsjs.js

Request Initiator Chain:

https://leakedzone.com/lillienue/video/18135191 https://image-cdn.leakedzone.com/js/jwplayer8.26.js https://ssl.p.jwpcdn.com/player/v/8.26.0/provider.hlsjs.js

M3U8 Playlist: https://leakedzone.com/m3u8/18135191.m3u8?time=1753304860&sig=276941915f1db0580ea975cb4d7399416d2b71e0bf39cf3f5c1e182f819c8b43&sig2=WdVXADvjh4LLvQCD

Video Segments (TS Files): https://cdn56.leakedzone.com/sdb56/leak/15647/18135191/index0.ts?secure=iOHn_b0zcXgE0zEvjIFMmg==,1753306068 https://cdn56.leakedzone.com/sdb56/leak/15647/18135191/index1.ts?secure=8Z3OMDRFmPPf8f4i4-LoWQ==,1753306068 https://cdn56.leakedzone.com/sdb56/leak/15647/18135191/index2.ts?secure=wBT8fPplbWTJ_TaE7MYgEg==,1753306068 https://cdn56.leakedzone.com/sdb56/leak/15647/18135191/index3.ts?secure=kRlFOKIgzGp-hg5XOze3jg==,1753306068 https://cdn56.leakedzone.com/sdb56/leak/15647/18135191/index4.ts?secure=TlyLkiFhbLP2uZFJtuVodg==,1753306068

JS URL Discovery:

The JavaScript file (jwplayer8.26.js) provides the M3U8 link—usefulness unclear.

Also found this in the element:

So this code is able to decode the m3u8 url, it is missing time, sig, and sig2 https://gist.github.com/zone559/187beda2c9004060b349fc564e1b05a9

zone559 avatar Jul 23 '25 20:07 zone559

I'm currently looking into PR https://github.com/mikf/gallery-dl/pull/5547 and videos on hotleaks.tv use the exact same player and URL encryption / obfuscation scheme as here.

mikf avatar Jul 24 '25 17:07 mikf

hotleak.vip also uses the same player (and hosts content that isn't on hotleaks.tv)

williamdotio avatar Aug 09 '25 20:08 williamdotio

hotleak.vip also uses the same player (and hosts content that isn't on hotleaks.tv)

The problem isn't with the video player itself—it's with the URL used to fetch the video file. When you click play, the player generates a temporary URL that expires after a few seconds. This is why downloads fail: the URL becomes invalid shortly after it's created.

To fix this, we need to: Understand what triggers the player to generate the URL in the first place. Mimic that process ourselves so we can always get a fresh, valid URL instead of an expired one.

zone559 avatar Aug 14 '25 21:08 zone559

Perhaps the official jwplayer documentation can shed some light?

https://docs.jwplayer.com/platform/docs/platform-welcome https://sdk.jwplayer.com/android/v4/reference/index.html

It gets very detailed at times but is above my skill level.

williamdotio avatar Aug 22 '25 15:08 williamdotio

Perhaps the official jwplayer documentation can shed some light?

https://docs.jwplayer.com/platform/docs/platform-welcome https://sdk.jwplayer.com/android/v4/reference/index.html

It gets very detailed at times but is above my skill level.

I wish it were that easy. However, if a site owner pays to protect their content, it becomes significantly harder for users to bypass the security. You can learn more about how this protection works at the following link: https://docs.jwplayer.com/platform/docs/protection-enable-url-token-signing

zone559 avatar Aug 22 '25 21:08 zone559

hotleak.vip also uses the same player (and hosts content that isn't on hotleaks.tv)

Are all three sites not just the stuff scraped from coomer party? They even use the same icon across all three sites.

github-account1111 avatar Dec 10 '25 15:12 github-account1111

hotleak.vip also uses the same player (and hosts content that isn't on hotleaks.tv)

Are all three sites not just the stuff scraped from coomer party? They even use the same icon across all three sites.

Nope. I'd really like to know where they get their content from but it certainly is not coomer.

williamdotio avatar Dec 10 '25 15:12 williamdotio