Hack Safaribooks video downloads

I have a safaribooks account. A few hours back, I was going through a video series on safari & I thought I should download it for offline reference. Makes it easier to study.

But there is no option to download videos! That sucks on the part of Safari. They expect users to be online to be able to watch the video packages? wtf!

I decided to take a look at the site just to make sure the option is not hidden somewhere. Nope. No download option for videos. Fast forward 10-15 minutes, I find myself checking the source code; crazy amounts of AJAX code in there.

After another 15 minutes or so, here I am, watching the videos offline & writing this post.

I followed through post AJAX, carefully looked at the site & the options available for us, the users; & identified a way. No ‘testing’ involved, just knowledge of the site & its flow was needed. As of today, this is probably the ‘only’ way to download the undownloadable videos from Safari.

Please do note that you or someone else needs to be a user – Individual or Corporate – to be able to ‘know’ the location of content on Safari.

Login to Safari & access the study resource.

Scroll down past the table of contents.

Switch to Mobile Version.

Proceed with ‘Start Watching’. Meanwhile, notice that the link to ‘Start Watching’ for this item is:

m.safaribooksonline.com/clip?isbn=XXXXX&linkid=a01

This is the next screen when you click on ‘Start Watching’.

The original request goes to m.safaribooksonline.com/clip?isbn=XXXXX&linkid=a01 which then redirects to the actual download link:

http://safari.vo.llnwd.net/kip0/_pxn=1+_pxI0=Ripod-h264+_pxL0=undefined+_pxM0=+_pxK=19616/mobile/s/BBBBB/a01.mp4?AccountId=XXXXX&UserId=YYYYY&e=1327343958&Fpid=BBBBB&ClipId=a01&source=mui&h=ZZZZZ&source=mui&e=AAAAA&h=ZZZZZ&ClipId=a01&AccountId=XXXXX&UserId=YYYYY&Fpid=BBBBB

You can now use FlashGet to download it.

For other parts of the video series, simply modify the parameters in the download URL:

http://safari.vo.llnwd.net/kip0/_pxn=1+_pxI0=Ripod-h264+_pxL0=undefined+_pxM0=+_pxK=19616/mobile/s/BBBBB/a01.mp4?AccountId=XXXXX&UserId=YYYYY&e=1327343958&Fpid=BBBBB&ClipId=a01&source=mui&h=ZZZZZ&source=mui&e=AAAAA&h=ZZZZZ&ClipId=a01&AccountId=XXXXX&UserId=YYYYY&Fpid=BBBBB

For video #2, the URL becomes:

http://safari.vo.llnwd.net/kip0/_pxn=1+_pxI0=Ripod-h264+_pxL0=undefined+_pxM0=+_pxK=19616/mobile/s/BBBBB/a02.mp4?AccountId=XXXXX&UserId=YYYYY&e=1327343958&Fpid=BBBBB&ClipId=a02&source=mui&h=ZZZZZ&source=mui&e=AAAAA&h=ZZZZZ&ClipId=a01&AccountId=XXXXX&UserId=YYYYY&Fpid=BBBBB

And so on…

Actually, as you will find out eventually, FlashGet can download the file without needing any URL parameters:

http://safari.vo.llnwd.net/kip0/_pxn=1+_pxI0=Ripod-h264+_pxL0=undefined+_pxM0=+_pxK=19616/mobile/s/BBBBB/a03.mp4 

You can also use Firefox or Opera. Both of them do NOT ask for any authentication when the video URL is entered.

You can use any Firefox video downloader extension like Ant Video Downloader to download the video.

This implies that if one can gain knowledge of a URL, perhaps from someone who has an account on Safari and who can access a video resource, anyone may be able to download the videos.

Also, since we were able to strip off all parameters such as AccountId, UserId etc., and still got a proper file as the server response when using a different browser afresh (Firefox/Opera), how might Safari be tracking whether the request was legit or not, i.e. was the request sent by an authenticated AND an authorized user? Certainly doesn’t look like they do! A review of AAA controls of the download site could be a start for Safari.
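
One way to enforce the check the paragraph above finds missing, added here as an example and not Safari's or the CDN's own code: the portal signs each media URL after login, and the edge refuses any request it cannot verify. It assumes `e` is an expiry timestamp and `h` a signature (the post does not say what they are); the HMAC scheme, function names, key and sample values are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Parameter names taken from the URL in the post; their meaning is assumed.
SIGNED_FIELDS = ("AccountId", "UserId", "ClipId", "e")


def _mac(key: bytes, path: str, fields: dict) -> str:
    # Bind the signature to the exact file path and to every signed parameter.
    msg = path + "?" + urlencode([(k, fields[k]) for k in SIGNED_FIELDS])
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


def sign_url(key: bytes, path: str, account: str, user: str, clip: str, expires: int) -> str:
    """Portal side: issue a short-lived URL once the user is authenticated and authorized."""
    fields = {"AccountId": account, "UserId": user, "ClipId": clip, "e": str(expires)}
    return path + "?" + urlencode({**fields, "h": _mac(key, path, fields)})


def verify_request(key: bytes, url: str, now: int) -> tuple[bool, str]:
    """Edge side: decide whether to serve the file. Anything unverifiable is denied."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    fields = {}
    for name in SIGNED_FIELDS + ("h",):
        values = query.get(name, [])
        if not values:
            return False, f"missing {name}"      # stripped parameters must not pass
        if len(values) > 1:
            return False, f"duplicate {name}"    # ambiguous: which copy was signed?
        fields[name] = values[0]
    if not fields["e"].isdecimal() or int(fields["e"]) < now:
        return False, "expired"
    clip_in_path = parts.path.rsplit("/", 1)[-1].removesuffix(".mp4")
    if clip_in_path != fields["ClipId"]:
        return False, "ClipId does not match path"
    if not hmac.compare_digest(_mac(key, parts.path, fields), fields["h"]):
        return False, "bad signature"
    return True, "ok"
```

The bare-path request, the edited file name and the repeated `e` parameter seen in the URLs above are each denied by a different branch, so the edge log also records which kind of tampering was attempted.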

Update: A reader provided additional info on how to apparently turn the download of mobile version (read: low quality encoded for mobile version) into HD quality.
>>> Just remove the H264 parameter in the URL.

Thanks..

+++++

KG

20 Comments on “Hack Safaribooks video downloads”

  1. Awesome. Now I will be able to watch HD videos on my Galaxy Note on the train. Love Safari, but I can't have a good connection while travelling

  2. Found a simpler method that works with the 10 day free trial, as it seems I cannot log into mobile site with trial account…

    Disable flash (in chrome go to chrome://plugins)
    go to video page (no need to fake mobile)
    right click on the video and click "inspect element" (if you don't see "inspect element" you haven't disabled flash)
    find the script tag just below the highlighted element and find the definition of the experienceJSON variable
    copy and paste the JSON into jsoneditoronline.org
    browse to data.programmedContent.videoPlayer.mediaDTO.renditions.defaultURL

    Should be authentication free CDN URL to the HD mp4 of your vid

    Safari uses BrightCove to serve up the vids, so could work on any other client of BrightCove… fyi

  3. Anybody know of a way to automate this with Python and urllib? Just populate some variables with the user/pass and have it prompt for the url of the page that links to all the videos?

  4. could not find property you are referring to above…
    data.programmedContent.videoPlayer.mediaDTO.renditions.defaultURL
    perhaps this has been removed ….
