Downloading high resolution images from Untrusted sources safely

I will get straight to the point: I use this extension for workarounds so you’ll need to download it onto your browser to proceed in this manner.

1. Right click on the target image and select “Open image in new tab”
   
   

   Screenshot from 2024-02-19 18-52-46969×351 453 KB
2. Click on the image to make it overflow your screen.
   
   

   Screenshot from 2024-02-19 18-53-291298×651 1.2 MB
3. Select “Entire Page” in Nimbus and wait a moment.
   
   

   Screenshot from 2024-02-19 18-55-01622×554 321 KB
4. Click “Done”
   
   

   Screenshot from 2024-02-19 18-55-451220×652 914 KB
5. Choose “Save as Image”
   
   

   Screenshot from 2024-02-19 18-56-13758×454 149 KB

This method is a workaround and just only works if the website you are accessing cannot attack your machine, allowing you can succssfully complete step 1. It might take a moment to download a image, you will really need a reliable source if you want to download multipl images.

You can use same technique with other extension as well, like this one for free using.

TL;DR: This post is a scam.

If the sources are untrusted, I would never visit them. Then can you explain how can you view the images (by right click and open in new tab) without visiting them?

Next, how you call it “safely” if you have to install a brower plugin from 3rd party without knowing its source code?

Finally, you get higher resolution by taking screenshot of zoom-in picture for sure, but the quality is not different to just using the original picture and zoom it with the image viewer. So your higher resolution pictures are useless.

@otaku_professor

What you have tried to explain here is a bit of a tinkering. As an IT developer, you should develop an app that handles the “copy” or “download” task. Also from an “unsafe” side. So far I could remember that your favorite programming language is JAVA and I have a tool called ImageLab (written in Java/JavaFX) that does the manual work just like you do (see images). Furthermore, your operating system is LINUX (Ubuntu) and under LINUX there are enough free imaging apps to download, but in my own experience, all the imaging tools I know of don’t cover everything, such as:

• Insert an image into another image
• Merge an image with another image
• blur an image (completely or partially)
• Change pixel colors
• Make background transparent
• Download images from any website
• Crop an image
• etc.

This ImageLab app consists of 3 sources (ImageLab, LabTools and WebImageIO) + some icons. If you (or other members) like it, just put your email address in my DNH inbox and I will send you the ZIP file of this package.

ImageLab_11025×598 115 KB

ImageLab_BBC839×537 81.3 KB

ImageLab_Blurring839×537 74.9 KB

ImageLab_Insert839×537 81 KB

1. As i mentioned at the end of the article,
   “This method is a workaround and just only works if the website you are accessing cannot attack your machine, allowing you can successfully complete step 1”
   This mean that step 1 is crucial; if you don’t trust the website, of course you should not visit it. Here, “untrusted sources” mean you don’t know the source of the image was reliable and can’t verify whether those images are safe, NOT the website itself. If the website is shady and might contain malicious within images (which take effect after you downloaded it), this workaround can be applied. However, if the website itself contains malicious code, you would already at risk at the moment you visit the website.
2. I choose an official browser extension from Chrome Store, which already been used by millions people, NOT from some shady source. It’s worthy of trust and use even though i can’t see its source code.
3. You’re right, that’s was my mistake. I should have said “full resolution” instead of “high resolution”. I can obtain the full resolution of an image when i can identify the “src” attribute of an HTML tag (Not being block by website when fetch data ), which step 1 did. If you download from the website itself or use some -third-party tool, in many case, you might not be able to get “full resolution” of the image due to some restrictions (the website prevents you from downloading the full resolution, prevents you from seeing the source of image, or some restrictions of from the tool you are currently using, or just simply you don’t have brave to be at risk because download from source you don’t trusted). Access the source of an image is a good way to manipulate it. From there, you can inject some CSS to make the image appear the way you want and then take a screen shot of it. If you want a “high resolution”, you must first have the “full resolution” of the image and then use GIMP or similar tools to increase the resolution of the image.

TL;DR: This post is a scam.

That’s so rude, as i emphasized in the article, this method just is a “workaround”, not was standard way to download images. It’s can circumvent almost cases but still some exceptions, because its nature as a “workaround”. If you think this approach was wrong, feel free to disregard it. I did not title is “How to…” precisely because it’s not a universally applicable solution after all .

Very well explained !

The @Stanley00 's point is the image is already downloaded (and store in your browser cache) at the time you visit the website. If you can view it, it’s downloaded. Therefore, if it contains malicious, your machine is infected.

Exploits designed target vulnerabilities of the browser itself are difficult to completely rule out, it’s hard to say 100% its can not be exist, even though content render by browser typically sandboxed and isolate from critical parts of the system. While such vunerabilities are generally rare, especially in newer version of browsers, they can technically still occur under certain conditions.I acknowledge that’s my oversight in this matter. After all, no solution can cover every scenario when its come to security.

Sounds FUN, i’m never thought about it like that, i made this Python code technically does same thing as the browser plugins i mentioned:

from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.common.action_chains import ActionChains
from selenium.webdriver.chrome.options import Options
from PIL import Image
import io
import os

css="""

::-webkit-scrollbar {
    display: none;
}
"""
js=f"""
const thumb=document.createElement('style')
thumb.type='text/css'
thumb.innerHTML=`{css}`
document.getElementsByTagName('head')[0].appendChild(thumb)
"""
def merge(width, height,exceedW, exceedH, frame, incW, incH):
	result= Image.new("RGB", (width,height ))
	x, y=0,0 
	index=0
	print("-------------------")
	while(pos(x, y, width, height, incW, incH)):
		if x+incW>width and y+incH>height:
			result.paste(frame[index].crop((incW-exceedW, incH-exceedH, incW, incH)), (x, y))
		elif x+incW>width:
			result.paste(frame[index].crop((incW-exceedW, 0, incW, incH)), (x, y))
		elif y+incH>height: 
			result.paste(frame[index].crop((0, incH-exceedH, incW, incH)), (x, y))
		else: 
			result.paste(frame[index], (x, y))

		x,y =pos(x, y, width, height, incW, incH)
		index+=1
	result.save('Done.png')

def pos(curW, curH, width, height, incW, incH):
    if curW<width-100:
        return (curW+incW, curH)
    else:
        if curH>height-100:
            return None
        return (0, curH+incH)

sizeX, sizeY=1000, 1000# Define size for window here, the more its large, the more faster take picture, but should not exceed size of image target
chrome_options=Options()
chrome_options.add_argument("--headless")
chrome_options.add_argument(f"-window-size={sizeX}, {sizeY}")
chrome_options.add_argument('--proxy-server=123.456.789.123:1234')
chrome_options.add_argument("--user-data-dir=./store")
chrome_options.add_argument("--safebrowsing-enabled")
# chrome_options.add_argument("--disable-javascript")

driver= webdriver.Chrome(options=chrome_options)

path="http://127.0.0.1:5500/index.html"# Define path to image here
driver.get(path)
image= driver.find_elements(By.TAG_NAME, 'img')
width, height=0, 0
if image:
	ActionChains(driver).move_to_element(image[0]).click(image[0]).perform()
	height=int(image[0].get_attribute('height'))
	width=int(image[0].get_attribute('width'))
driver.execute_script(js)
driver.execute_script(f"window.scrollTo(0,0);")

num=0
x, y=0, 0
exceedH, exceedW=0, 0
frame=[]
first_x, first_y=0, 0
stateProcess=-1
while pos(x, y,width, height, sizeX, sizeY):
	if int((y/height)*100)>stateProcess:
		stateProcess=int((y/height)*100)

		os.system('clear')
		print(f"Process {stateProcess}%")
	x, y=pos(x, y, width, height, sizeX, sizeY)

	screenshot_as_png= driver.get_screenshot_as_png()
	screenshot= Image.open(io.BytesIO(screenshot_as_png))
	frame.append(screenshot)
	if first_x==0 and x+sizeX>width:
		exceedW=width-x
		first_x+=1
	elif first_y==0 and y+sizeY>height: 
		exceedH=height-y
		first_y+=1
	driver.execute_script(f"window.scrollTo({x}, {y});")
print("Merge...")
merge(width, height, exceedW, exceedH, frame, sizeX, sizeY)

driver.quit()

print(f"Done!")

From someone who cares about exploitation of image files, I would expect much more from you. Here’s a link that can help you open your eyes: https://www.kaspersky.com/blog/dangerous-chrome-extensions-87-million/48562/

Another homework for you: try research the popular of web browser exploits by images vs native OS image viewer exploits

PS: your explanation still make not-so-much-sense, and it’s not that well as someone said

Right. I realized my problem here, Thank, I will more carefully for my future topic.

@otaku_professor Great, man!