Thanks John,
I agree with you than trying to reverse engineer the Web Connect
authentication is probably not going to happen. So does this mean that
in the not-to-distant future we'll be left with two choices? Manual
download or quicken?
What about plaid? Does anybody have any experience with that? Their list
of supported institutions include my bank, but I don't know whether they
too will be locked out. I plan on giving that a shot.
https://plaid.com/docs/faq/
J
Jean,
From
https://www.patelco.org/-/media/patelco/pdfs/member-support/digital-banking-services/express-web-connect_windows.pdf
it looks like they switched to OFX Web Connect. Unfortunately that's been the
trend for the last 10 years, and I imagine that it's an easy sell to the banks
considering the weak security offered by OFX Direct Connect. That also means
that switching banks is at best a short-term solution because of that trend:
The new bank is likely to do the same thing sooner or later.
I think the only really feasible workaround is to reverse-engineer the Web
Connect authentication. That would mean installing Quicken and setting up and
using OFX Web Connect while monitoring the traffic with wireshark.
https://redflagsecurity.net/2019/03/10/decrypting-tls-wireshark/ might be
helpful for decrypting the authentication traffic with the browser. No doubt
the quicken connection will also be encrypted so you'll need to find the keys
for that too to be able to interpret the traffic--and working out the key
exchange between Quicken and the bank will also be necessary. Frankly I would
expect a low probability of success without help from a crypto expert.
Regards,
John Ralls
_______________________________________________
gnucash-devel mailing list
gnucash-devel@gnucash.org
https://lists.gnucash.org/mailman/listinfo/gnucash-devel
