I am new to this group, and glad to see the discussion of USAA.
Their revision of the download process when I last looked applied to Quicken
which I dropped years ago. Furthermore, their download data does not
fit into the Gnucash import process. So I am having to manually
restructure
the downloaded data to fit Gnucash. But it is too cumbersome, so I am
just being careful to input the charges from receipts at the time of
purchase.
Im embarassed to say this, but actujally it helps me to enter them on time.
(which I dropped On 1/30/21 12:00 PM, gnucash-devel-requ...@gnucash.org
wrote:
Send gnucash-devel mailing list submissions to
gnucash-devel@gnucash.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.gnucash.org/mailman/listinfo/gnucash-devel
or, via email, send a message with subject or body 'help' to
gnucash-devel-requ...@gnucash.org
You can reach the person managing the list at
gnucash-devel-ow...@gnucash.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of gnucash-devel digest..."
Today's Topics:
1. Wiki registration (a...@h0sta.de)
2. Re: Wiki registration (John Ralls)
3. Re: New OFX Requirements For USAA FSB (Bob White)
4. Re: New OFX Requirements For USAA FSB (John Ralls)
5. Re: New OFX Requirements For USAA FSB (Thomas Baumgart)
6. Re: New OFX Requirements For USAA FSB (Bob White)
----------------------------------------------------------------------
Message: 1
Date: Fri, 29 Jan 2021 19:09:57 +0200
From: a...@h0sta.de
To: <gnucash-devel@gnucash.org>
Subject: [GNC-dev] Wiki registration
Message-ID: <20210129190957.415a0db7@hostaname>
Content-Type: text/plain; charset=US-ASCII
Hello everyone,
my request to register for the Wiki was declined.
Can anyone set up my account?
Let me know
Kindly
Alex
------------------------------
Message: 2
Date: Fri, 29 Jan 2021 12:09:50 -0800
From: John Ralls <jra...@ceridwen.us>
To: a...@h0sta.de
Cc: gnucash-devel@gnucash.org
Subject: Re: [GNC-dev] Wiki registration
Message-ID: <1a443aa2-8404-4894-bbb7-82dcfc35f...@ceridwen.us>
Content-Type: text/plain; charset=us-ascii
On Jan 29, 2021, at 9:09 AM, a...@h0sta.de wrote:
Hello everyone,
my request to register for the Wiki was declined.
Can anyone set up my account?
Let me know
Your request was rejected because like most spammers you didn't explain what
you want to edit. Just open another request with something there. (The
remaining spammers try to BS their way in with extravagant claims of mostly
irrelevant programming experience.)
Regards,
John Ralls
------------------------------
Message: 3
Date: Sat, 30 Jan 2021 00:11:22 -0000
From: Bob White <whit...@me.com>
To: John Ralls <jra...@ceridwen.us>
Cc: GNUCASH devel <gnucash-devel@gnucash.org>, Martin Preuss
<mar...@aqbanking.de>
Subject: Re: [GNC-dev] New OFX Requirements For USAA FSB
Message-ID: <51978ee3-4e76-447e-93ad-c2814a7a3...@me.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Thanks, John,
Not mentioned in your emails is the response from USAA: A webpage reporting a
server error instead of the usual 50x HTTP response code.
I do see a 400 in the Online Banking Transaction Window when attempting to
download transactions in GNC:
AqBanking v6.2.5.0stable
Sending jobs to the bank(s)
Sorting commands by account
Sorting commands by account
Sorting commands by provider
Send commands to providers
Send commands to provider "aqofxconnect"
Locking customer "4563"
Sending request...
Connecting to server...
Resolving hostname "df3cx-services.1fsapi.com" ...
IP address is "45.60.151.211"
Connecting to "df3cx-services.1fsapi.com"
Connected to "df3cx-services.1fsapi.com"
Using GnuTLS default ciphers.
TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-128-GCM:AEAD
Connected.
Sending message...
Message sent.
Waiting for response...
Receiving response...
HTTP-Status: 400 (Bad Request)
Unlocking customer "4563"
?
Also not mentioned in your emails: I suppose that you were able to download
your transactions successfully with Quicken. Do you think you could install
Wireshark (https://www.wireshark.org/#download) and collect what Quicken is
sending?
It's been a while since I used Wireshark, but I did?install install it.
?Everything captured is encrypted. ?I've never decrypted TLS in ?Wireshark
before. ?Is there a tutorial available that doesn't require the use of Chrome
or Netscape so I can capture while using the Quicken app?
If not, I guess I could try?the Quicken?Web interface via Chrome or Netscape
and capture things that way.
Bob
------------------------------
Message: 4
Date: Fri, 29 Jan 2021 20:11:44 -0800
From: John Ralls <jra...@ceridwen.us>
To: Bob White <whit...@me.com>
Cc: GNUCASH devel <gnucash-devel@gnucash.org>, Martin Preuss
<mar...@aqbanking.de>
Subject: Re: [GNC-dev] New OFX Requirements For USAA FSB
Message-ID: <c4429b5c-0ed1-4942-9ea9-850ede4d3...@ceridwen.us>
Content-Type: text/plain; charset=us-ascii
On Jan 29, 2021, at 4:11 PM, Bob White <whit...@me.com> wrote:
Thanks, John,
Not mentioned in your emails is the response from USAA: A webpage reporting a
server error instead of the usual 50x HTTP response code.
I do see a 400 in the Online Banking Transaction Window when attempting to
download transactions in GNC:
AqBanking v6.2.5.0stable
Sending jobs to the bank(s)
Sorting commands by account
Sorting commands by account
Sorting commands by provider
Send commands to providers
Send commands to provider "aqofxconnect"
Locking customer "4563"
Sending request...
Connecting to server...
Resolving hostname "df3cx-services.1fsapi.com" ...
IP address is "45.60.151.211"
Connecting to "df3cx-services.1fsapi.com"
Connected to "df3cx-services.1fsapi.com"
Using GnuTLS default ciphers.
TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-128-GCM:AEAD
Connected.
Sending message...
Message sent.
Waiting for response...
Receiving response...
HTTP-Status: 400 (Bad Request)
Unlocking customer "4563"
Also not mentioned in your emails: I suppose that you were able to download
your transactions successfully with Quicken. Do you think you could install
Wireshark (https://www.wireshark.org/#download) and collect what Quicken is
sending?
It's been a while since I used Wireshark, but I did install install it.
Everything captured is encrypted. I've never decrypted TLS in Wireshark
before. Is there a tutorial available that doesn't require the use of Chrome
or Netscape so I can capture while using the Quicken app?
If not, I guess I could try the Quicken Web interface via Chrome or Netscape
and capture things that way.
Dang, I didn't think of encryption. I don't know how to do that, and since
Quicken
The Quicken web interface is I think different from OFX Direct Connect. If it's
OFX Web Connect then it handles authentication differently and that's probably
at least part of the problem.
I found a quicken community discussion that suggests that Quicken for Windows
used IE to connect, so I'd imagine that Quicken for Mac would use WebKit. I
don't know if Apple's installed WebKit uses openssl, but it might, in which
case it might be possible to get a key log for the Quicken session. Total
speculation, I've never done anything remotely like this.
Regards,
John Ralls
------------------------------
Message: 5
Date: Sat, 30 Jan 2021 07:19:14 +0100
From: Thomas Baumgart <t...@kmymoney.org>
To: gnucash-devel@gnucash.org
Subject: Re: [GNC-dev] New OFX Requirements For USAA FSB
Message-ID: <2183256.ElGaqSPkdT@thb-nb>
Content-Type: text/plain; charset="us-ascii"
On Samstag, 30. Januar 2021 05:11:44 CET John Ralls wrote:
On Jan 29, 2021, at 4:11 PM, Bob White <whit...@me.com> wrote:
Thanks, John,
Not mentioned in your emails is the response from USAA: A webpage reporting a
server error instead of the usual 50x HTTP response code.
I do see a 400 in the Online Banking Transaction Window when attempting to
download transactions in GNC:
AqBanking v6.2.5.0stable
Sending jobs to the bank(s)
Sorting commands by account
Sorting commands by account
Sorting commands by provider
Send commands to providers
Send commands to provider "aqofxconnect"
Locking customer "4563"
Sending request...
Connecting to server...
Resolving hostname "df3cx-services.1fsapi.com" ...
IP address is "45.60.151.211"
Connecting to "df3cx-services.1fsapi.com"
Connected to "df3cx-services.1fsapi.com"
Using GnuTLS default ciphers.
TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-128-GCM:AEAD
Connected.
Sending message...
Message sent.
Waiting for response...
Receiving response...
HTTP-Status: 400 (Bad Request)
Unlocking customer "4563"
Also not mentioned in your emails: I suppose that you were able to download
your transactions successfully with Quicken. Do you think you could install
Wireshark (https://www.wireshark.org/#download) and collect what Quicken is
sending?
It's been a while since I used Wireshark, but I did install install it.
Everything captured is encrypted. I've never decrypted TLS in Wireshark
before. Is there a tutorial available that doesn't require the use of Chrome
or Netscape so I can capture while using the Quicken app?
If not, I guess I could try the Quicken Web interface via Chrome or Netscape
and capture things that way.
Dang, I didn't think of encryption. I don't know how to do that, and since
Quicken
The Quicken web interface is I think different from OFX Direct Connect. If it's
OFX Web Connect then it handles authentication differently and that's probably
at least part of the problem.
I found a quicken community discussion that suggests that Quicken for Windows
used IE to connect, so I'd imagine that Quicken for Mac would use WebKit. I
don't know if Apple's installed WebKit uses openssl, but it might, in which
case it might be possible to get a key log for the Quicken session. Total
speculation, I've never done anything remotely like this.
You cannot do that without breaking the security. Wireshark can decrypt the
traffic, but you need the private key of the server certificate (and I doubt
that you will be able to get a hold of it).
The other method is to use a proxy that intercepts the traffic (mitm). Tools
like ZAP (https://owasp.org/www-project-zap/) or the Burp Suite
(https://portswigger.net/burp) would be something to look into. Be warned: if
you don't clean up after you're done, using these methods may leave a security
hole on your system!
Other than that, I am also interested in your findings as this problem also
applies to other applications using AqBanking/LibOFX.
_______________________________________________
gnucash-devel mailing list
gnucash-devel@gnucash.org
https://lists.gnucash.org/mailman/listinfo/gnucash-devel
