Bogomil Shopov - Бого

A Python steganography API at your service.

Steganography is the art and science of embedding secret messages in a cover message so that no one, apart from the sender and intended recipient, suspects the existence of the message.

The most common example is hiding a message in an image file without changing how the image looks. Most people use photos to share a fantastic moment or two and don’t know they can contain a secret message.

What could be the use case?

  1. Someone can **hack your phone** and embed your text messages in the pictures you take and share on Instagram.
  2. A not-so-happy employee can post a picture on your blog with a secret message to share some trade secrets with your competitors.
  3. Another person can embed an exploit in a PNG ad image; JavaScript code would parse the PNG image, extract the malicious code, and redirect the user to the exploit kit landing page.
  4. Steganography is also a well-known *method for exchanging information between spies*.

Even if it sounds like science fiction, this is a viable threat against your systems and you.

Steganography Protector API

I have created an API (as a proof of concept) that can discover a secret message hidden in any image file.

The end-point is here (a new one after Heroku shutdown): https://web-production-32ac.up.railway.app/

It accepts POST requests only. The input is a valid URI of an image.

Examples

Request

 import json

 import requests

 url = 'https://web-production-32ac.up.railway.app/'
 # URL of the image to check
 s_url = "https://1gr.cz/o/newspaper/images/vyber-mfd-3.png"
 stego_obj = {'rstego': s_url}
 # The endpoint accepts POST only; the timeout keeps the call from hanging
 r = requests.post(url, json=stego_obj, timeout=30)
 r.raise_for_status()
 json_output = json.dumps(r.json(), indent=2)

 print(json_output)

Response

{
  "imgurl": "https://1gr.cz/o/newspaper/images/vyber-mfd-3.png",
  "message": "",
  "response": "Stego: Roar -> the picture is Safe.",
  "status": "safe"
}

Practical use

You could read all of your images from your blog via the API to check whether they contain a secret message. You can also explore hidden traces in your last Instagram image.
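
The blog-wide check described above, as an added example (not the author's code): it sends each image URL to the endpoint, pauses between requests, and records any failure as unresolved rather than safe. The post shows only the `safe` status, so treating every other status as `flagged` is an assumption; `scan_images`, `post_json` and the verdict names are hypothetical, and the standard library's `urllib` stands in for `requests` to avoid a dependency.

```python
import json
import time
import urllib.request
from urllib.parse import urlparse

API_URL = "https://web-production-32ac.up.railway.app/"  # endpoint from the post


def post_json(url, payload, timeout=15):
    """Default transport: POST a JSON body and return the decoded JSON reply."""
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def scan_images(image_urls, post=post_json, delay=2.0):
    """Return {url: verdict}, verdict being 'safe', 'flagged' or 'error'."""
    verdicts = {}
    for img in dict.fromkeys(image_urls):  # de-duplicate, keep order
        if urlparse(img).scheme not in ("http", "https"):
            verdicts[img] = "error"  # the API expects a valid image URI
            continue
        try:
            status = post(API_URL, {"rstego": img})["status"]
        except Exception:
            # Fail closed: an unreachable API or malformed reply is never "safe".
            verdicts[img] = "error"
        else:
            # Assumption: only "safe" appears in the post, so any other
            # status is treated as needing a manual look.
            verdicts[img] = "safe" if status == "safe" else "flagged"
        time.sleep(delay)  # throttle: the author asks for few requests
    return verdicts


if __name__ == "__main__":
    # Constructed list; replace with the image URLs of your own site.
    urls = ["https://1gr.cz/o/newspaper/images/vyber-mfd-3.png"]
    for url, verdict in scan_images(urls).items():
        print(f"{verdict:8} {url}")
```

Passing the transport as `post` lets the triage logic be exercised without touching the hosted endpoint.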

If you are looking for a picture with a secret message inside – why don’t you test this one?

Request

It’s the same as the example above but with a different picture. Did you see the difference?

 import json

 import requests

 url = 'https://web-production-32ac.up.railway.app/'
 # URL of the image to check
 s_url = "https://talkweb.eu/wp-content/uploads/2021/01/secret.png"
 stego_obj = {'rstego': s_url}
 # The endpoint accepts POST only; the timeout keeps the call from hanging
 r = requests.post(url, json=stego_obj, timeout=30)
 r.raise_for_status()
 json_output = json.dumps(r.json(), indent=2)

 print(json_output)

A favor to ask

I am hosting this POC API with Railway. Please do not send many requests, because this could exhaust my budget and prevent people from accessing it. If you want to use it in production, feel free to contact me.
