Posted by Toby A Inkster on 04/15/07 08:06
mareeus@gmail.com wrote:
> Are there any ways I could get a screenshot of a web-page at a
> specific address in jpeg via php script?

If you have a dedicated server, then yes, this is possible. If not, then
the chances are you don't have the correct permissions set up to do so.

The basic technique (on a Linux server) would be to constantly run a second
X server instance as ":1", and have a browser, such as Mozilla or Opera
running full-screen on that display.

When you need a screenshot of a site, you just use PHP's system() function
to run the command which tells your browser to go to the correct web page.
Then have your PHP script wait for 10 seconds to give the browser time to
load the page up, then run ImageMagick's "import" command to take a screen
shot of display :1.

Be aware though that this can be used by evil crackers as a proxy. Say for
example, you have a script which takes screen shots of websites like this:

http://yoursite.example.com/shot.php?shot=http://example.net/

And say I'm trying to crack into example.net's site through an SQL
injection vulnerability. To exploit the vulnerability, I'd normally just
request the following web page:

http://example.net/search.php?q=';DELETE+FROM+users;

However, say example.net are smart, and have noticed me poking around their
web server trying to find a vulnerability, so they've blocked my IP
address. So what do I do?

http://yoursite.example.com/shot.php?shot=http://example.net/search.php?q=';DELETE+FROM+users;

And now, as far as example.net are concerned, it was *you* who hacked
their site.

So if you decide to implement such a feature, beware this security
problem. There is no "easy fix" for it, but I'd suggest things like:
respect robots.txt, disallow requests for screenshots of URLs that contain
a question mark, and log all requests (even log requests which you've
disallowed).

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux
* = I'm getting there!
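
The checks suggested in the post above (refuse URLs containing a question mark, honour robots.txt, log every request including refused ones), sketched as an added PHP example that is not part of the original post. The function names, the sample robots.txt and the client address are constructed for illustration, and the robots.txt reading is simplified to Disallow prefixes in the `User-agent: *` group.

```php
<?php
// Added example: policy gate for a hypothetical shot.php (all names illustrative).
// Returns null if the URL may be captured, otherwise the reason for refusal.
function shot_refusal_reason(string $url, string $robotsTxt): ?string
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return 'malformed URL';
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return 'scheme not allowed';
    }
    // The post's rule: no question mark anywhere in the requested URL.
    if (strpos($url, '?') !== false) {
        return 'query string not allowed';
    }
    // Simplified robots.txt reading: Disallow prefixes under "User-agent: *".
    $path = $p['path'] ?? '/';
    $inStarGroup = false;
    foreach (preg_split('/\R/', $robotsTxt) as $line) {
        $line = trim(preg_replace('/#.*/', '', $line));
        if (stripos($line, 'User-agent:') === 0) {
            $inStarGroup = trim(substr($line, 11)) === '*';
        } elseif ($inStarGroup && stripos($line, 'Disallow:') === 0) {
            $prefix = trim(substr($line, 9));
            if ($prefix !== '' && strpos($path, $prefix) === 0) {
                return 'disallowed by robots.txt';
            }
        }
    }
    return null;
}

// Build the log entry for every request, refused ones included.
function shot_log_line(string $clientIp, string $url, ?string $reason): string
{
    $verdict = $reason === null ? 'ALLOW' : 'DENY (' . $reason . ')';
    // Strip control characters so a crafted URL cannot forge extra log lines.
    $safeUrl = preg_replace('/[\x00-\x1f\x7f]/', '', $url);
    return sprintf('%s %s %s %s', gmdate('c'), $clientIp, $verdict, $safeUrl);
}

// Constructed sample input: robots.txt body, client address and URLs.
$robots = "User-agent: *\nDisallow: /private/\n";
$urls = ['http://example.net/', 'http://example.net/private/a.html',
         "http://example.net/search.php?q=';DELETE+FROM+users;"];
foreach ($urls as $u) {
    echo shot_log_line('203.0.113.7', $u, shot_refusal_reason($u, $robots)), "\n";
}
```

Only the first sample URL is allowed; the other two produce DENY log lines that still record the requester's address and the URL asked for.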