Evil wget isn't as evil as regular wget

Compiling wget for Windows is not a difficult task, but there is almost no good documentation out there to help. This guy has a decent guide. I use Visual Studio 2005, but Microsoft gives away a free version that will work just as well for this purpose. Wget depends on openssl (to connect to secure http servers) and openssl requires perl to build. You can skip the whole installing ActivePerl step and grab a pre-compiled version. (You’ll want to get the zipped precompiled copy of OpenSSL linked to on that page.)

After figuring this out, I compiled evil wget for Windows. You’ll need the OpenSSL DLLs in the same directory. Also, evil wget is improved. Now it fakes its User Agent to pretend to be IE 6. This means that clever admins who block by user agent are out of luck. Blocking by IP is always an option though. Source is here. There are also binaries for OS X and Linux. Both depend on OpenSSL.

By the way, anyone using wget to retrieve files from a web server with password authentication should be careful. Wget tries using basic authentication, then digest auth if that fails. Even if your web server is properly configured to use digest authentication, wget will send your password out base64 encoded first. Most sniffers will recognize the string is base64 encoded and automatically decode the username and password. Think first before telling wget to use authentication as your credentials will be sent out for anyone to sniff. Use something like curl (http://curl.haxx.se/) instead.



When commenting, remember: Is it true? Is it necessary? Is it kind?


Go dark.