[GNC-dev] New OFX Requirements For USAA FSB

John Ralls jralls at ceridwen.us
Fri Jan 29 23:11:44 EST 2021 


> On Jan 29, 2021, at 4:11 PM, Bob White <white.b at me.com> wrote:
> 
> Thanks, John,
> 
>> 
>> Not mentioned in your emails is the response from USAA: A webpage reporting a server error instead of the usual 50x HTTP response code.
> 
> I do see a 400 in the Online Banking Transaction Window when attempting to download transactions in GNC:
> 
> AqBanking v6.2.5.0stable
> Sending jobs to the bank(s)
> Sorting commands by account
> Sorting commands by account
> Sorting commands by provider
> Send commands to providers
> Send commands to provider "aqofxconnect"
> Locking customer "4563"
> Sending request...
> Connecting to server...
> Resolving hostname "df3cx-services.1fsapi.com" ...
> IP address is "45.60.151.211"
> Connecting to "df3cx-services.1fsapi.com"
> Connected to "df3cx-services.1fsapi.com"
> Using GnuTLS default ciphers.
> TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-128-GCM:AEAD
> Connected.
> Sending message...
> Message sent.
> Waiting for response...
> Receiving response...
> HTTP-Status: 400 (Bad Request)
> Unlocking customer "4563"
>  
>> 
>> Also not mentioned in your emails: I suppose that you were able to download your transactions successfully with Quicken. Do you think you could install Wireshark (https://www.wireshark.org/#download) and collect what Quicken is sending?
> 
> It's been a while since I used Wireshark, but I did install install it.  Everything captured is encrypted.  I've never decrypted TLS in  Wireshark before.  Is there a tutorial available that doesn't require the use of Chrome or Netscape so I can capture while using the Quicken app?
> 
> If not, I guess I could try the Quicken Web interface via Chrome or Netscape and capture things that way.

Dang, I didn't think of encryption. I don't know how to do that, and since Quicken 

The Quicken web interface is I think different from OFX Direct Connect. If it's OFX Web Connect then it handles authentication differently and that's probably at least part of the problem.

I found a quicken community discussion that suggests that Quicken for Windows used IE to connect, so I'd imagine that Quicken for Mac would use WebKit. I don't know if Apple's installed WebKit uses openssl, but it might, in which case it might be possible to get a key log for the Quicken session. Total speculation, I've never done anything remotely like this.

Regards,
John Ralls

More information about the gnucash-devel mailing list