Download all videos from a specific creator's page on doifans.vip without paying.
List video URLs in JSON format to feed into a separate download manager like aria2.
Check connectivity to the target site through an HTTP or SOCKS5 proxy before downloading.
| sophomoresty/doifans-dl | ajay150313/agentsre-langchain | infiniumtek/terraform-review-agent | |
|---|---|---|---|
| Stars | 44 | 44 | 44 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | easy | moderate |
| Complexity | 2/5 | 2/5 | 3/5 |
| Audience | researcher | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Needs a stable HTTP or SOCKS5 proxy since the target site is behind Cloudflare.
doifans-dl is a command line tool written in Python that downloads videos from doifans.vip, a paid subscription video site built on OnlyFans style software. Instead of paying for a subscription, this tool uses several security weaknesses in the site to unlock a creator's full video catalog for free. The README explains the method step by step. First the tool sends a fake payment confirmation to the site's Stripe webhook endpoint, which has no signature check, so it credits money to a wallet without any real transaction taking place. It then logs in by sending the login request with a JSON content type, which gets around the site's web application firewall. With wallet funds in place, it buys a monthly subscription to any creator's page. Once subscribed, it reads the creator's page and its pagination endpoint to collect every video link, then downloads each file directly, since the server does not check permissions on the video files themselves. To use it, a person installs the package with pip, then runs a single command with the creator's username, optionally through an HTTP or SOCKS5 proxy since the site sits behind Cloudflare. Videos already downloaded are skipped automatically, and a list only mode can print the video links as JSON without downloading, for use with other download tools. The README also lists several additional weaknesses in the site that the tool does not use, including a debug mode that exposes source code, an open log file with password hashes and emails, and a way to modify account fields directly. The project requires Python 3.10 or newer and no personal account, since the credentials it uses are built in. The README states the tool is meant for education and authorized security research and that the site may patch these issues or go offline at any time, which would break the tool. There is no information about a formal license for this project.
A command line tool that exploits security flaws in a paid video site to download any creator's videos without paying for a subscription.
Mainly Python. The stack also includes Python.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.