A fair while back, I wrote a bot that re-posted “sensitive” videos to liveleak.com, where “sensitive” generally meant “something YouTube would delete before people got a chance to see it”. Compared to YouTube, LiveLeak seemed to be more reluctant to take down videos, enabling more people to see them. Part of the work was figuring out how to upload to liveleak.com programmatically, because unlike YouTube, they don’t offer an API. To work around that limitation, you have to do a little bit of wizardry. This article describes how it all works.

First, before you do anything, you need to login. This is straightforward: it’s a form submission (HTTP POST) with the username and password as parameters. After a successful login, liveleak.com sets some cookies in your browser, including:

  • PHPSESSID
  • liveleak_user_token

You need these cookies to identify yourself as a logged-in user in subsequent transactions with liveleak.com. Once you’re in, uploading a video is a four-step process:

  1. Fetch a new “add item page”.
  2. Upload to the video to AWS.
  3. Add the file to liveleak.com.
  4. Publish the video.

Let’s go through each of those in slightly more detail.

Step 1: fetch a fresh “add item” page.

This page comes loaded with all the goodies you need to upload a new video, more specifically:

  1. multipart_params (for uploading to AWS)
  2. connect_string (for connecting the uploaded file to liveleak.com)
  3. connection (this ends up being the item token after publishing)

Parsing these out is straightforward.
The multipart_params are in JavaScript. The simplest way to get them out is to write a line-by-line parser. This isn’t as robust as e.g. interpreting the JavaScript with PhantomJS, because if the formatting changes, the parser will break. But it’s good enough. The same thing goes for the connect_string. The connection number is easier to get: you just parse the HTML with e.g. lxml and extract it directly via an xpath.

Step 2: upload the video file to LiveLeak’s AWS S3 bucket.

This moves the data from the user to Amazon Web Services (AWS) Simple Storage Service (S3). This is a separate system that allows you to store lots of data for a reasonably low price. S3 organizes data in buckets and keys. LiveLeak stores its videos in the llbucs bucket, with the key derived from several variables including the filename.

This is another POST, but it’s more involved because it needs to:

  1. Stream the data as opposed to send it one chunk (video files can be big), and
  2. Do this while emulating the web form on liveleak.com.

I’m not sure that #2 is 100% required: it’s possible that the S3 bucket is publicly accessible, in which case you may be able access it directly using boto or boto3 in a more Pythonic way. After the upload is complete, we get an S3 key which tells us where exactly the video was stored.

Step 3: Add the file to liveleak.com.

This connects the file with the S3 key that we obtained in the previous step. This is yet another form submission with some magic parameters: one of these is the connect_string, another is the S3 key.

Step 4: Specify metadata and publish the video.

This actually adds the item to the logged in user’s channel. Mechanically, it’s yet another form submission (HTTP POST) with a ton of parameters. Some of them specify metadata about the video (e.g. title, description) and some are just there to hang out. Once this step is complete, we get an item token (which is identical to the connection token), which we can then use to access the video. From here, it behaves the same as any other video uploaded to liveleak.com - anyone can view it, and the owner of the channel can modify and delete it.

Step 5: PROFIT.

That’s pretty much it. I ended up putting this functionality into a library that’s now on PyPI. Have a look, if you like.