I’d like to be able to automatically query my checking account balance (and all my other accounts to, but checking is a good place to start). To my knowledge, my credit union does not provide an API like The Open Bank Project. So I must resort to screen scraping. To start, I’d like to observe my browser logging in. To do so, I’ll use socat.
socat \ tcp4-listen:1337,fork \ openssl:subdomain.domain.tld:443,cafile=/etc/ssl/certs/Appropriate_CA.pem
You may need to look closely at the URLs you’re dealing with. I found that my credit union used a different certificate for the account login subdomain than for the home page at the regular domain. With that in place I can navigate to http://127.0.0.1:1337/path/to/login
in Firefox and observe the traffic unencrypted in Wireshark. (Apparently I could give Wireshark my private key as well, if it was built against GNU TLS, but I’ve yet to try that approach.)
Pingback: Watching the GETs, PUTs, and OKs | Cov's Libre Life