Having put in place a simple man-in-the-middle SSL/TLS stripping setup using socat, I used Wireshark to view the HTTP traffic to my bank, so I could replicate it in a more programmatic manner than manually using a web browser. I set Wireshark to capture on any device using the following filter.

tcp port 1337

Using a custom port (1337) slightly hindered automatic decoding so I right clicked on the data section of TCP packets with a data section and selected “Decode As…”, and selected transport tab for port 1337 to be decoded as HTTP. With this in place I put “http” in the filter box and removed a bunch of TCP noise. Now there was still a bunch of javascript fetches that I hopefully won’t have to deal with, but it was easy to locate the POST method that I was particularly interested in.