views:

242

answers:

7

I'm building a utility that will hopefully keep my wife in tune with how much money we have available.

I need a simple secure way of logging into my bank account and retrieving the balance.

Something like mechanize is the only method I can think of. I'm not even sure if that would work given the properly authenticated https that banks use.

Any ideas?

+2  A: 

Write a perl script using LWP::UserAgent. It supports HTTPS connections. The only issue might be if the site requires javascript.

Web Client Programming with Perl has a few examples to get you started if you're not too familiar with perl.

Ben S
A: 

If you are open to AIR, I'd say build an AIR app. I have worked with mechanize and I think it's cool. AIR gives you similar features with a richer GUI (see HTMLLoader and DOM manipulation of webpage).

If I were you, I'd simply pull the page and manipulate the DOM to suit my visual needs.

dirkgently
+2  A: 

Why don't you teach your wife how to login to the bank herself? Or use Quicken (or Mint, etc) and teach her how to use the auto-download feature?

Jason
I think the entire login process is what he is trying to remove so that checking his balances is easier and thus they are more likely to follow their finances.
Ben S
I don't like any of these programs. They all rely on my keeping track of my expenses. Not gonna happen.
Mr Grieves
A: 

Please, if you find this easy to do for your bank please post your bank's name. If I have the same one I'll be closing my account.

More to your question. The process of loading a web page inside of your code rather than in a browser can be a black art, especially if their is any javascript involved. Your best bet would probably be embedding the IE Web Browser control in your app and then simulating key strokes and mouse clicks to arrive at your balance page. Then scrape the HTML for the balance.

mjmarsh
Most banks support bypassing some of their security features by using a secure cookie. Get a copy of that cookie and it's easy. Even without this unless your bank has a CAPTCHA or other advanced test for every login, it can easily be automated if you know the credentials.
Ben S
+1  A: 

If you really want to go there, get these extensions for Firefox: Live HTTP Headers, Firebug, FireCookie, and HttpFox. Also download cURL and a scripting language that can run cURL command-line tasks (or a scripting language like PHP or Perl that has access to cURL libraries directly).

I've started down this road for some idempotent GET tasks like getting PDFs of the S&P reports (of the stocks I track) from my online brokerage, and downloading the check images for my bank account. Both tasks are repetitive and slow ways of downloading data to my computer that the financial institutions don't provide any way of making it easier.

Here's why you shouldn't: (as a shortcut I'm going to call the archetypal large bank, brokerage, or other financial institution "BloatBank")

  1. BloatBank is not likely to make public their API for accessing this kind of information. So it can change any time and all your hard work will be for naught. Whenever they change their mechanism, you'll have to adapt.
  2. If BloatBank finds out you've been using automatic scripting to try to access your account information, they may ban you because you've violated their terms of service.
  3. You might screw up, and the interaction between the hodgepodge of scripts on BloatBank's server, and your scripts that access your account, might cause a Bad Thing like closing your account. Testing this kind of script is tremendously difficult because you don't have any documentation about how their online service works, and you don't have a test account you can mess with.
  4. (a variant of the above) You think you're safe because you're issuing GET requests. But BloatBank is just a crazy bank that doesn't know anything about REST, so there are some GET requests that can mess up your account.
  5. If someone else does use your script to maliciously sniff your online password or mess with your account, any liability coverage from BloatBank may disappear because you've opened a security hole.
Jason S
A: 

I could try paying for Quicken and letting it do the balance downloading. Then I'd just need to find a way to get the number out of the software automatically.

This way I'm not violating any terms of service and I'm also reducing security risk since all "hacking" goes on locally.

Mr Grieves
A: 

Have you checked out Watir? It is fantastic for automating web-browser actions. And since it's written in Ruby, you can take the results and store them in a DB (or email them to yourself) if needed.

Josh Stodola