finctrl Goes Live

After working on many prototypes, setting up cgit, receiving permission from my employer to publish, presenting the idea at ConleyCon 2015, and finally switching from shell scripts to Python, I am pleased to present the first code commit to “finctrl”, my attempt at automating financial control. Please find the repository at It currently works by downloading email notifications of transactions from a “Cashflow” IMAP folder and parses them assuming the winter 2015 format. Support for additional input and output formats will hopefully follow soon. (I’ve got shell scripts for Chase; it should be quick and easy to port that to Python, but making a generic framework may take significant work.)

Scripting Kolab Calendar Interactions

As mentioned previously, I would like to be able to do spreadsheet like calculations on my Kolab groupware calendar. Here is how I’m currently attempting that. There were a couple challenges that made this take longer than I had hoped. The first was making sure that, given two processes communicating via a pipe, closing the upstream process didn’t prematurely end the downstream process. This is what the funny redirection is for. The second issue that caused me grief was the carriage return character echo -en '\x0d', present in IMAP results. It caused bash -x output to be really confusing. An extra operation while sed’ing took care of it.

#!/bin/bash -x


rm -f out result
mkfifo out result

  echo "1 login ${username} ${password}"
  echo '2 select Cashflow'
  echo "3 search sentsince ${lastsunday}"
  echo '4 logout'
  sed -nr '/^\* search.*/I {
             s/^\* search +//I
             s/ *\r$//
             s/ /,/g
           }' out > result
) | openssl s_client -starttls imap -connect &> out &

msgs="$(cat result)"

  echo "1 login ${username} ${password}"
  echo '2 select Cashflow'
  echo "3 fetch ${msgs} body[2]"
  echo '4 logout'
  cat out > result
) | openssl s_client -starttls imap -connect &> out &

cat result

#do math
#use imap append command to create new (or what else to modify?) entry

Next steps are to use string processing (probably sed) utilities to extract the icalendar XML and xmlstarlet to parse it (beware the namespace).

Taking the S out of HTTPS for Reverse Engineering

I’d like to be able to automatically query my checking account balance (and all my other accounts to, but checking is a good place to start). To my knowledge, my credit union does not provide an API like The Open Bank Project. So I must resort to screen scraping. To start, I’d like to observe my browser logging in. To do so, I’ll use socat.

socat \
  tcp4-listen:1337,fork \

You may need to look closely at the URLs you’re dealing with. I found that my credit union used a different certificate for the account login subdomain than for the home page at the regular domain. With that in place I can navigate to in Firefox and observe the traffic unencrypted in Wireshark. (Apparently I could give Wireshark my private key as well, if it was built against GNU TLS, but I’ve yet to try that approach.)