[GNC-dev] USAA

Bruce Miller bmillerworks at gmail.com
Sat Jan 30 14:56:14 EST 2021


I am new to this group, and glad to see the discussion of USAA.

Their revision of the download process when I last looked applied to
Quicken, which I dropped years ago.  Furthermore, their download data does
not fit into the GnuCash import process.  So I am having to manually
restructure the downloaded data to fit GnuCash.  But it is too cumbersome,
so I am just being careful to input the charges from receipts at the time
of purchase.

I'm embarrassed to say this, but actually it helps me to enter them on time.


(which I dropped

On 1/30/21 12:00 PM, gnucash-devel-request at gnucash.org wrote:

> Today's Topics:
>
>     1.  Wiki registration (alex at h0sta.de)
>     2. Re:  Wiki registration (John Ralls)
>     3. Re:  New OFX Requirements For USAA FSB (Bob White)
>     4. Re:  New OFX Requirements For USAA FSB (John Ralls)
>     5. Re:  New OFX Requirements For USAA FSB (Thomas Baumgart)
>     6. Re:  New OFX Requirements For USAA FSB (Bob White)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 29 Jan 2021 19:09:57 +0200
> From: alex at h0sta.de
> To: <gnucash-devel at gnucash.org>
> Subject: [GNC-dev] Wiki registration
> Message-ID: <20210129190957.415a0db7 at hostaname>
> Content-Type: text/plain; charset=US-ASCII
>
> Hello everyone,
>
> my request to register for the Wiki was declined.
> Can anyone set up my account?
>
> Let me know
> Kindly
> Alex
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 29 Jan 2021 12:09:50 -0800
> From: John Ralls <jralls at ceridwen.us>
> To: alex at h0sta.de
> Cc: gnucash-devel at gnucash.org
> Subject: Re: [GNC-dev] Wiki registration
> Message-ID: <1A443AA2-8404-4894-BBB7-82DCFC35FA76 at ceridwen.us>
> Content-Type: text/plain;	charset=us-ascii
>
>
>
>> On Jan 29, 2021, at 9:09 AM, alex at h0sta.de wrote:
>>
>> Hello everyone,
>>
>> my request to register for the Wiki was declined.
>> Can anyone set up my account?
>>
>> Let me know
> Your request was rejected because like most spammers you didn't explain what you want to edit. Just open another request with something there. (The remaining spammers try to BS their way in with extravagant claims of mostly irrelevant programming experience.)
>
> Regards,
> John Ralls
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Sat, 30 Jan 2021 00:11:22 -0000
> From: Bob White <white.b at me.com>
> To: John Ralls <jralls at ceridwen.us>
> Cc: GNUCASH devel <gnucash-devel at gnucash.org>, Martin Preuss
> 	<martin at aqbanking.de>
> Subject: Re: [GNC-dev] New OFX Requirements For USAA FSB
> Message-ID: <51978ee3-4e76-447e-93ad-c2814a7a3ecb at me.com>
> Content-Type: text/plain;    charset=utf-8;    format=flowed
>
> Thanks, John,
>
>
>> Not mentioned in your emails is the response from USAA: A webpage reporting a server error instead of the usual 50x HTTP response code.
>
> I do see a 400 in the Online Banking Transaction Window when attempting to download transactions in GNC:
>
> AqBanking v6.2.5.0stable
> Sending jobs to the bank(s)
> Sorting commands by account
> Sorting commands by account
> Sorting commands by provider
> Send commands to providers
> Send commands to provider "aqofxconnect"
> Locking customer "4563"
> Sending request...
> Connecting to server...
> Resolving hostname "df3cx-services.1fsapi.com" ...
> IP address is "45.60.151.211"
> Connecting to "df3cx-services.1fsapi.com"
> Connected to "df3cx-services.1fsapi.com"
> Using GnuTLS default ciphers.
> TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-128-GCM:AEAD
> Connected.
> Sending message...
> Message sent.
> Waiting for response...
> Receiving response...
> HTTP-Status: 400 (Bad Request)
> Unlocking customer "4563"
>
>
>> Also not mentioned in your emails: I suppose that you were able to download your transactions successfully with Quicken. Do you think you could install Wireshark (https://www.wireshark.org/#download) and collect what Quicken is sending?
>
> It's been a while since I used Wireshark, but I did install it. Everything captured is encrypted. I've never decrypted TLS in Wireshark before. Is there a tutorial available that doesn't require the use of Chrome or Netscape so I can capture while using the Quicken app?
>
> If not, I guess I could try the Quicken Web interface via Chrome or Netscape and capture things that way.
>
> Bob
>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Fri, 29 Jan 2021 20:11:44 -0800
> From: John Ralls <jralls at ceridwen.us>
> To: Bob White <white.b at me.com>
> Cc: GNUCASH devel <gnucash-devel at gnucash.org>, Martin Preuss
> 	<martin at aqbanking.de>
> Subject: Re: [GNC-dev] New OFX Requirements For USAA FSB
> Message-ID: <C4429B5C-0ED1-4942-9EA9-850EDE4D3458 at ceridwen.us>
> Content-Type: text/plain;	charset=us-ascii
>
>
>
>> On Jan 29, 2021, at 4:11 PM, Bob White <white.b at me.com> wrote:
>>
>> Thanks, John,
>>
>>> Not mentioned in your emails is the response from USAA: A webpage reporting a server error instead of the usual 50x HTTP response code.
>> I do see a 400 in the Online Banking Transaction Window when attempting to download transactions in GNC:
>>
>> AqBanking v6.2.5.0stable
>> Sending jobs to the bank(s)
>> Sorting commands by account
>> Sorting commands by account
>> Sorting commands by provider
>> Send commands to providers
>> Send commands to provider "aqofxconnect"
>> Locking customer "4563"
>> Sending request...
>> Connecting to server...
>> Resolving hostname "df3cx-services.1fsapi.com" ...
>> IP address is "45.60.151.211"
>> Connecting to "df3cx-services.1fsapi.com"
>> Connected to "df3cx-services.1fsapi.com"
>> Using GnuTLS default ciphers.
>> TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-128-GCM:AEAD
>> Connected.
>> Sending message...
>> Message sent.
>> Waiting for response...
>> Receiving response...
>> HTTP-Status: 400 (Bad Request)
>> Unlocking customer "4563"
>>   
>>> Also not mentioned in your emails: I suppose that you were able to download your transactions successfully with Quicken. Do you think you could install Wireshark (https://www.wireshark.org/#download) and collect what Quicken is sending?
>> It's been a while since I used Wireshark, but I did install it. Everything captured is encrypted. I've never decrypted TLS in Wireshark before. Is there a tutorial available that doesn't require the use of Chrome or Netscape so I can capture while using the Quicken app?
>>
>> If not, I guess I could try the Quicken Web interface via Chrome or Netscape and capture things that way.
> Dang, I didn't think of encryption. I don't know how to do that, and since Quicken
>
> The Quicken web interface is I think different from OFX Direct Connect. If it's OFX Web Connect then it handles authentication differently and that's probably at least part of the problem.
>
> I found a quicken community discussion that suggests that Quicken for Windows used IE to connect, so I'd imagine that Quicken for Mac would use WebKit. I don't know if Apple's installed WebKit uses openssl, but it might, in which case it might be possible to get a key log for the Quicken session. Total speculation, I've never done anything remotely like this.
>
> Regards,
> John Ralls
>
>
>
> ------------------------------
>
> Message: 5
> Date: Sat, 30 Jan 2021 07:19:14 +0100
> From: Thomas Baumgart <thb at kmymoney.org>
> To: gnucash-devel at gnucash.org
> Subject: Re: [GNC-dev] New OFX Requirements For USAA FSB
> Message-ID: <2183256.ElGaqSPkdT at thb-nb>
> Content-Type: text/plain; charset="us-ascii"
>
> On Samstag, 30. Januar 2021 05:11:44 CET John Ralls wrote:
>
>>> On Jan 29, 2021, at 4:11 PM, Bob White <white.b at me.com> wrote:
>>>
>>> Thanks, John,
>>>
>>>> Not mentioned in your emails is the response from USAA: A webpage reporting a server error instead of the usual 50x HTTP response code.
>>> I do see a 400 in the Online Banking Transaction Window when attempting to download transactions in GNC:
>>>
>>> AqBanking v6.2.5.0stable
>>> Sending jobs to the bank(s)
>>> Sorting commands by account
>>> Sorting commands by account
>>> Sorting commands by provider
>>> Send commands to providers
>>> Send commands to provider "aqofxconnect"
>>> Locking customer "4563"
>>> Sending request...
>>> Connecting to server...
>>> Resolving hostname "df3cx-services.1fsapi.com" ...
>>> IP address is "45.60.151.211"
>>> Connecting to "df3cx-services.1fsapi.com"
>>> Connected to "df3cx-services.1fsapi.com"
>>> Using GnuTLS default ciphers.
>>> TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-128-GCM:AEAD
>>> Connected.
>>> Sending message...
>>> Message sent.
>>> Waiting for response...
>>> Receiving response...
>>> HTTP-Status: 400 (Bad Request)
>>> Unlocking customer "4563"
>>>   
>>>> Also not mentioned in your emails: I suppose that you were able to download your transactions successfully with Quicken. Do you think you could install Wireshark (https://www.wireshark.org/#download) and collect what Quicken is sending?
>>> It's been a while since I used Wireshark, but I did install it. Everything captured is encrypted. I've never decrypted TLS in Wireshark before. Is there a tutorial available that doesn't require the use of Chrome or Netscape so I can capture while using the Quicken app?
>>>
>>> If not, I guess I could try the Quicken Web interface via Chrome or Netscape and capture things that way.
>> Dang, I didn't think of encryption. I don't know how to do that, and since Quicken
>>
>> The Quicken web interface is I think different from OFX Direct Connect. If it's OFX Web Connect then it handles authentication differently and that's probably at least part of the problem.
>>
>> I found a quicken community discussion that suggests that Quicken for Windows used IE to connect, so I'd imagine that Quicken for Mac would use WebKit. I don't know if Apple's installed WebKit uses openssl, but it might, in which case it might be possible to get a key log for the Quicken session. Total speculation, I've never done anything remotely like this.
> You cannot do that without breaking the security. Wireshark can decrypt the traffic, but you need the private key of the server certificate (and I doubt that you will be able to get a hold of it).
>
> The other method is to use a proxy that intercepts the traffic (mitm). Tools like ZAP (https://owasp.org/www-project-zap/) or the Burp Suite (https://portswigger.net/burp) would be something to look into. Be warned: if you don't clean up after you're done, using these methods may leave a security hole on your system!
>
> Other than that, I am also interested in your findings as this problem also applies to other applications using AqBanking/LibOFX.
>
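
An added example, not part of the original messages or of AqBanking: a small Python parser for the AqBanking transfer log quoted in the thread. It separates the TLS handshake result from the HTTP result and notes what a packet capture of that session would need in order to be decrypted; the cipher-string layout (version:key-exchange-cipher:MAC) is assumed from the one log line shown.

```python
import re

# Constructed sample: a subset of the AqBanking log lines quoted in the thread.
SAMPLE_LOG = '''\
AqBanking v6.2.5.0stable
Send commands to provider "aqofxconnect"
Resolving hostname "df3cx-services.1fsapi.com" ...
IP address is "45.60.151.211"
Using GnuTLS default ciphers.
TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-128-GCM:AEAD
HTTP-Status: 400 (Bad Request)
'''

PATTERNS = {
    "host": re.compile(r'^Resolving hostname "([^"]+)"'),
    "ip": re.compile(r'^IP address is "([^"]+)"'),
    "tls": re.compile(r'^TLS: SSL-Ciphers negotiated: (\S+)'),
    "http_status": re.compile(r'^HTTP-Status: (\d{3})'),
}

def summarize(log_text):
    """Extract connection facts from an AqBanking transfer log."""
    facts = {}
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate e-mail quote markers
        for key, pat in PATTERNS.items():
            m = pat.match(line)
            if m:
                facts.setdefault(key, m.group(1))
    if "tls" in facts:
        version, _, suite = facts["tls"].partition(":")
        kex = suite.split("-")[0] if suite else ""
        facts["tls_version"] = version
        # TLS 1.3 always uses an ephemeral key exchange; earlier versions do
        # so only with (EC)DHE suites. With an ephemeral exchange the server's
        # private key cannot decrypt a capture; per-session secrets are needed.
        ephemeral = version == "TLS1.3" or kex in ("ECDHE", "DHE")
        facts["decrypt_needs"] = (
            "per-session secrets (key log)" if ephemeral
            else "server RSA private key or key log")
    status = facts.get("http_status")
    if status:
        # True when the handshake completed but the server rejected the request.
        facts["tls_ok_http_failed"] = "tls" in facts and status[0] in "45"
    return facts

if __name__ == "__main__":
    for k, v in summarize(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

For the log in the thread this reports a completed TLS 1.3 handshake followed by an HTTP 400, which places the failure in the request the client sent rather than in the TLS layer.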

