[Resolved] cURL and Online Banking

upnxwood16

For the life of me, searching all day and night.. This is the best script I could get to have my webpage log into WellsFargo online banking..it won't work though

<?php
$ch = curl_init(); // create cURL handle (ch)
if (!$ch) {
   die("Couldn't initialize a cURL handle");
}
// set some cURL options
$ret = curl_setopt($ch, CURLOPT_URL,            "https://online.wellsfargo.com:443/az1_ba1_on/cgi-bin/session.cgi?LOB=CONS&screenid=SIGNON&origination=Wib&userid=REMOVED&password=REMOVED&destination=AccountSummary");
$ret = curl_setopt($ch, CURLOPT_HEADER,        1);
$ret = curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$ret = curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
$ret = curl_setopt($ch, CURLOPT_TIMEOUT,        30);

// execute
$ret = curl_exec($ch);

if (empty($ret)) {
   // some kind of an error happened
   die(curl_error($ch));
   curl_close($ch); // close cURL handler
} else {
   $info = curl_getinfo($ch);
   curl_close($ch); // close cURL handler

   if (empty($info['http_code'])) {
           die("No HTTP code was returned"); 
   } else {
       // load the HTTP codes
       $http_codes = parse_ini_file("path/to/the/ini/file/I/pasted/above");

   // echo results
   echo "The server responded: <br />";
   echo $info['http_code'] . " " . $http_codes[$info['http_code']];
   }

}
?>

The output I get is the webpage giving me a error saying
"Your account information is currently unavailable. Please try again later or call 1-800-956-4442."

Which is now true because when I use the link manually, it works perfectly fine.

What I want it to do is log into my bank account, search for the account balance and then store it into a database. I know how to do everything else but log into the bank account. Any help greatly appreciated.

drew010

here is the login sequence. there are a few separate page requests. i tested it on a friend's account and i managed to get the echo $data part to show the splash page where it shows the balances of the checking and savings.

<?php

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "https://online.wellsfargo.com:443/az1_ba1_on/cgi-bin/session.cgi?LOB=CONS&screenid=SIGNON&origination=Wib&userid=GONE&password=GONE&destination=AccountSummary");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "wellscookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "wellscookie.txt");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040608");

$data = curl_exec($ch);
$redir = preg_match("/<a href=\"(.*)\">/i", $data, $matches);

/**************************************************************************************/

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $matches[1]);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "wellscookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "wellscookie.txt");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040608");

$data = curl_exec($ch);
$redir = preg_match("/CONTENT=\"1;URL=(.*)\"/i", $data, $matches);

/**************************************************************************************/

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $matches[1]);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "wellscookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "wellscookie.txt");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040608");

$data = curl_exec($ch);
$redir = preg_match("/CONTENT=\"3;URL=(.*)\"/i", $data, $matches);

/**************************************************************************************/

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $matches[1]);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "wellscookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "wellscookie.txt");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040608");

$data = curl_exec($ch);
$redir = preg_match("/CONTENT=\"3;URL=(.*)\"/i", $data, $matches);

/**************************************************************************************/

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $matches[1]);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "wellscookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "wellscookie.txt");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040608");

$data = curl_exec($ch);
echo $data;

?>

i was looking at some of the links once it is logged in. all the sessargs part seem to be encrypted links to the subsequent pages. im not sure if it is based on the session id or what, some seemd to be base64 encoded but even decoding wouldnt help. if you wanted to then jump from that page to the other summary pages, you can use regex like i did to match the url to the href link text such as clicking on "checking" or "savings" to see the account activity. anyway, that should get you started. if you have more trouble post back.

upnxwood16

I ran your code and it gave me no errors, but it didn't work. My screen is just blank. =(

drew010

try this instead. its pretty much the same, i noticed on the last post the forum removed a after the / so there was a parse error since it is supposed to be / not / *

<?php

//page 1: send login info

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "https://online.wellsfargo.com:443/az1_ba1_on/cgi-bin/session.cgi?LOB=CONS&screenid=SIGNON&origination=Wib&userid=GONE&password=GONE&destination=AccountSummary");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "wellscookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "wellscookie.txt");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040608");

$data = curl_exec($ch);
$redir = preg_match("/<a href=\"(.*)\">/i", $data, $matches);

//page 2: please wait while your session is initiated

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $matches[1]);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "wellscookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "wellscookie.txt");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040608");

$data = curl_exec($ch);
$redir = preg_match("/CONTENT=\"1;URL=(.*)\"/i", $data, $matches);

//page 3: load data and check sessions

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $matches[1]);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "wellscookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "wellscookie.txt");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040608");

$data = curl_exec($ch);
$redir = preg_match("/CONTENT=\"3;URL=(.*)\"/i", $data, $matches);

//page 4: more loading and sessions

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $matches[1]);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "wellscookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "wellscookie.txt");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040608");

$data = curl_exec($ch);
$redir = preg_match("/CONTENT=\"3;URL=(.*)\"/i", $data, $matches);

//page 5: finally the account info

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $matches[1]);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "wellscookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "wellscookie.txt");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040608");

$data = curl_exec($ch);
echo $data;

?>

upnxwood16

I noticed that for the above code too, I just tried your other example and still got just a blank page. I am trying to figure out the Firebird headers and how to decrypt that so I can use it. First time with that, so lots of reading and trial/error. Thanks for your quick reply!

drew010

i cant imagine why it wont work for you. obvious question, but did you change the username and password back to yours? i just copied that code again to test it and it works fine. try turning curl debug mode on for all of the curl sessions and see if anything useful gets dumped out like it couldnt connect or something. if nothing happens still, turn error reporting to E_ALL for php and see if there is something else causing the problem

upnxwood16

Unsure if I can turn on the debugging. So if the script is fine, it must be my host.

drew010

you can turn curl debugging on by doing
curl_setopt($ch, CURLOPT_VERBOSE, 1);
in the code for each connection

upnxwood16

twitch Blank page even with the debug command in every connection. I may just switch hosts. Seems easier to blame someone else than me =)

drew010

it must be some kind of parse error then. the server may have error reporting at a low level, try putting error_reporting(E_ALL); at the top. if it still shows nothing, its possible that is begin overridden by php.ini and you will just have to cut out a lot of code and put it in piece by piece until it stops working.