In Chrome, you can just do as the author says, right click and "Save Image As".<p>Then just go to the folder where it is being downloaded, and copy/paste the file "lisa.jpeg.crdownload" to "lisa.jpeg.crdownload copy".<p>Rename to "lisa.jpeg" and cancel the download. You now have the image. What's interesting is that you <i>ARE</i> actually downloading this image. It's just that they don't terminate the connection.
The problem with leaving connections open is that there's a limit on how many you can have on the server... I think the author has committed self-DoS :)<p><a href="https://en.wikipedia.org/wiki/Slowloris_(computer_security)" rel="nofollow">https://en.wikipedia.org/wiki/Slowloris_(computer_security)</a>
<i>When you usually try to download an image, your browser opens a connection to the server and sends a GET request asking for the image.</i><p>I'm not a web designer, but that seems rather ass-backwards. I'm already looking at the image, therefore the image is already residing either in my cache or in my RAM. Why it is downloaded a second time instead of just being copied onto my drive?
There's another way to achieve this in a more malicious way. Granted I haven't tried it in years, but it was possible back in 2017 when I tested it.<p>The idea is to fake the image that's being displayed in the IMG element by forcing it to show a `background-image` using `height: 0;` and `padding-top`.<p>In theory, you could make an IMG element show a photo of puppies and if the person chose to Right-click > Save Image As then instead of the dog photo it could be something else.<p>For some reason I can't Oauth into Codepen so for now I can't recreate it publicly.
This does create a self inflicted Slowloris attack on the server hosting the image, so this site is probably more susceptible to the hug of death than most
It always baffled me browsers even try to download an image (or a page or whatever) I asked them to save despite fact they have already downloaded and displayed it. What I would want them to do instead is just dump it from the memory.<p>And this sounds particularly important in case it's about a web page which has been altered in runtime by JavaScript - I want the actual DOM dumped so I can then loaded it to display exactly what I see now.
This is a perfect (if maybe unintentional) example of how to get help from otherwise disinterested technical folk: Make an obviously technically-incorrect claim as fact, and watch as an entire army comes out of the woodwork giving you technical evaluations :)
In Chromium based browsers the quickest method I've found is "right click -> Inspect" the image then click the sources tab in the dev tools window. From here you can drag or save the image shown without issue. My guess as to why this works is the sources view seems to pull from the loaded content of the page rather than fetch the content based on the lack of packets trying this with a packet capture running.
On iOS, long press > add to photos<p>I now have a photo of the Mona Lisa in my camera roll.<p>I guess this is one of those things that wouldn’t be as edgy with the actual mechanism stated. :)
Great! Just what we need these days: more tricks to screw around with the simple, straightforward implementation of the HTTP protocol! And just in time for Christmas.
In Chrome, Right-Click on Image → Inspect → Right-Click on <img src="lisa.jpg" alt="Mona Lisa"> Tag → Capture node screenshot → Save
On Google Pixel there is a new feature where I can go to the recent app screen and it defects images to click on them to do Google lense or save images or share image. I was able to save the image of size 506kb with 841x1252 1.1MP pic.
Works fine with <i>wget</i> it just keeps hanging but if you CTRL+C it and open the file it'll look fine.<p>The trick is to have nginx never timeout and just indefinitely hang after the image is sent. The browser renders whatever image data it has received as soon as possible even though the request is never finished. However, when saving the image the browser never finalizes writing to the temp file so it thinks there is more data coming and never renames the temp file to the final file name.
My usual way of downloading images is to click and drag the image into my downloads folder on my Mac. Worked fine for me from Safari. Am I missing something?
Aside from all the folks who can download the image one way or another, I'm pretty disappointed that the technique here is simply using a web-server that doesn't work like clients expect. People have broken links or incorrect redirects all the time, but we don't generally make a fuss over them.
Other methods have been posted, but I wanted to share mine. Mac needed:<p>1. Secondary click image → "Copy Image"<p>2. Open Preview<p>3. File → New from Clipboard<p>4. Save image
An interesting workaround for Android 12 users: go to the app switcher and there will be a badge over the image which you can click to get "copy", "share" and "save" buttons. Save it from that panel and it works just fine.
Another idea is canvas: <a href="https://jsfiddle.net/dvg45pcz/" rel="nofollow">https://jsfiddle.net/dvg45pcz/</a><p>But I don't know how to get it to not appear in network sources.<p>Or wasm but I don't know how to write that.
No one seems to mention that Chrome keeps spinning on the HTML load as well and eventually kills the image. This means the webpage itself is broken and fails to work. Not just the download. Soo.. this just does not work for anything..
<i>Looks at image.</i><p><i>Looks at prntscrn key.</i><p>This is basically a carefully targeted reverse slow lorris and involves right clicking an image why do I fear that use case and that level of madcap solution will all lead back to NFT bros...
This one is pretty easy but a friend recently showed me one (gallery of some sort) I couldn't figure out quickly which was downloading chunks in nonstandard ways and piecing them together with uglified js.
Somehow right clicking + saving worked fine on Safari (desktop). I tried it a couple of times and it worked in all cases; sometimes it took a second, sometimes more. Perhaps the server dropped the connection?
On webkit based browsers at least you can just drag the image out, it doesn’t bother trying to redownload it just reconstructs the image file from memory, this also applies to copy/paste on ios
There's a multitude of ways to workaround this hack. You can easily grab the screen area via the OS if need be. Seems pointless to try to restrict access if it's viewable in a browser.
I would have expected this to do something different, like rendering the image via WebGL (so it looks like an <img>, but isn't easily downloadable).
<p><pre><code> $ wget https://youcantdownloadthisimage.online/lisa.jpg
</code></pre>
wait for like 5 seconds for it to finish downloading and then hit ctrl-c
I right clicked (on a Mac), clicked "copy image" and I pasted that into preview just fine.<p>Is there some reason why that's an uninteresting exception?
what, sure if initiating the save as.. triggers this endless download thing<p>but the initial load is the image and opening up dev tools and finding it in the sources/cache and saving it from there, chrome knows it's 56.1kb or whatever and just saves it out of cache, done.<p>Interesting but what was the point they're trying to make?
How to download this image:<p>1. Open Inspect (right click and hit "inspect")<p>2. Click the "Network" tab<p>3. Refresh the page (while clearing the cache Command+Shift+R)<p>4. Right click on "lisa.jpg" in the list view under the "Network" tab<p>5. Click "Open in new tab"<p>6. Right click the image on the new tab<p>7. Click "Save image as"<p>Man I can't believe these clowns (or myself for typing all this out--don't know who is worse)
if I open the image on a new tab, after 1.5 minutes the "content download" was ready. Also, had no problem right clicking it and hitting copy image.