
I was trying this week to automate all the bank transfers I do, by using PHP cURL and giving the server a list of IBANs so it can add the IBANs directly, then transfer an amount defined in the same list to each IBAN respectively. As of now, I can log in to the bank website using PHP cURL by posting the same requests my browser would do; the only problem I have had so far is that when I try to add an IBAN by replaying the same request, the server seems to ignore all my posted data and just sends back a page to fill in the information, without specifying whether there was an error, when it should return a confirmation page. My bank doesn't provide any solution like this for free; the only solution is to provide this to my bank, which takes a week to be done, so I have to work it out on my own.

This is the POST data sent by the browser:

22:50:29.852[532ms][total 532ms] Status: 303[See Other]
POST https://----------------- Load Flags[LOAD_DOCUMENT_URI  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[0] Mime Type[text/html]
   Request Headers:
      Host[]
      User-Agent[Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0]
      Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
      Accept-Language[en-US,en;q=0.5]
      Accept-Encoding[gzip, deflate, br]
      DNT[1]
      Referer[]
      Cookie[]
      Connection[keep-alive]
   Post Data:
      dialogActionPerformed[NEXT]
      taskOID[0153b9d514b35d5c837b347dd88e2e68db91]
      taskInfoOID[creerBenef]
      screenName[ibp.cd.qbel.abocrb10affgestben.screen_HTML_INTERNET%3AAffGestBen.CreerModifBenef]
      validationStrategy[AV]
      formModified[true]
      token[9e72005db5c4d37a5ab76cc681e30fb8d6]
      beneficiaire.nom[denis+turq]
      attribute%28%24SEL_%24lst1%29[*NEW*]
      attribute%28%24SEL_%24lst1_hidden%29[lst1%24listeGroupes%24beneficiaire.groupe%24]
      groupeACreer.nom[Virementafaire]
      attribute%28%24SEL_CODE_%24clm1%29[VD]
      attribute%28%24SEL_CODE_%24clm1_hidden%29[clm1%24groupeACreer.nature%24]
      beneficiaire.matricule[]
      beneficiaire.adresseBenef1[]
      beneficiaire.adresseBenef2[]
      beneficiaire.adresseBenef3[]
      beneficiaire.email[]
      attribute%28%24SEL_CODE_%24lst3%29[000]
      attribute%28%24SEL_CODE_%24lst3_hidden%29[lst3%24beneficiaire.cboPaysBanque%24]
      beneficiaire.IBAN9.IBAN_part1[FR34]
      beneficiaire.IBAN9.IBAN_part2[3000]
      beneficiaire.IBAN9.IBAN_part3[2040]
      beneficiaire.IBAN9.IBAN_part4[4700]
      beneficiaire.IBAN9.IBAN_part5[0005]
      beneficiaire.IBAN9.IBAN_part6[8434]
      beneficiaire.IBAN9.IBAN_part7[J16]
   Response Headers:
      Date[Sun, 27 Mar 2016 20:50:30 GMT]
      Server[IWS]
      Strict-Transport-Security[max-age=31536000]
      Pragma[no-cache]
      Cache-Control[no-cache,no-store]
      Expires[-1]
      Location[/cyber/internet/ContinueTask.do?taskOID=0153b9d514b35d5c837b347dd88e2e68db91&screenName=ibp.cd.qbel.abocrb10affgestben.screen_HTML_INTERNET%3AAffGestBen.CreerModifBenef&dialogActionPerformed=NEXT&token=9e72005db5c4d37a5ab76cc681e30fb8d6]
      Content-Length[0]
      Content-Type[text/html; charset=iso-8859-15]
      Content-Language[fr-FR]
      Keep-Alive[timeout=8, max=300]
      Connection[Keep-Alive]

and this is the PHP code I use to replay the same POST request:

// Assumed (not stated in the question): simple_html_dom is loaded, $html is the parsed "add beneficiary" form page, $cookie names this session's cookie file.
require_once 'simple_html_dom.php';
$nom  = "denis turq";                         // http_build_query() encodes the space itself
$iban = "FR34 3000 2040 4700 0005 8434 J16";
$list = explode(" ", $iban);
// Field names are written in clear; http_build_query() percent-encodes them exactly as the browser did (attribute($SEL_$lst1) becomes attribute%28%24SEL_%24lst1%29).
$fields = array(
    'dialogActionPerformed'             => 'NEXT',
    'taskOID'                           => $html->find('input', 1)->value,  // hidden input, new on every page load
    'taskInfoOID'                       => 'creerBenef',
    'screenName'                        => 'ibp.cd.qbel.abocrb10affgestben.screen_HTML_INTERNET:AffGestBen.CreerModifBenef',
    'validationStrategy'                => 'AV',
    'formModified'                      => 'true',
    'token'                             => $html->find('input', 6)->value,  // hidden input, new on every page load
    'beneficiaire.nom'                  => $nom,
    'attribute($SEL_$lst1)'             => '*NEW*',
    'attribute($SEL_$lst1_hidden)'      => 'lst1$listeGroupes$beneficiaire.groupe$',
    'groupeACreer.nom'                  => 'Virementafaire',
    'attribute($SEL_CODE_$clm1)'        => 'VD',
    'attribute($SEL_CODE_$clm1_hidden)' => 'clm1$groupeACreer.nature$',
    'beneficiaire.matricule' => '', 'beneficiaire.adresseBenef1' => '', 'beneficiaire.adresseBenef2' => '',
    'beneficiaire.adresseBenef3' => '', 'beneficiaire.email' => '',
    'attribute($SEL_CODE_$lst3)'        => '000',
    'attribute($SEL_CODE_$lst3_hidden)' => 'lst3$beneficiaire.cboPaysBanque$',
);
foreach ($list as $i => $part) {              // beneficiaire.IBAN9.IBAN_part1 .. IBAN_part7
    $fields['beneficiaire.IBAN9.IBAN_part' . ($i + 1)] = $part;
}
$postdata = http_build_query($fields);
$url = "https://------------------";
$ch = curl_init();                            // was missing: the handle must exist before curl_setopt()
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
$request_headers = array('DNT: 1', 'Content-Type: application/x-www-form-urlencoded',
    'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8');
curl_setopt($ch, CURLOPT_HTTPHEADER, $request_headers);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 50);
curl_setopt($ch, CURLOPT_TIMEOUT, 50);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);   // keep certificate verification on for a banking session
curl_setopt($ch, CURLOPT_COOKIEFILE, realpath('./cookies/' . $cookie));
curl_setopt($ch, CURLOPT_COOKIEJAR, realpath('./cookies/' . $cookie));
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
$data = curl_exec($ch);

I removed the host, referrer and cookies because they are practically the same. One more thing: when I change the name of any variable in the data posted by PHP, the server returns an error. I can provide my TeamViewer by private message in extreme conditions, if it seems that the problem comes from something else.

Thank you for your help.

zoumou
  • Maybe there is some hidden POST data that you forgot to post and which is generated once you load the webpage, so you need to parse it? Telling you that because I did an Amazon thing like that and I had to parse every hidden field to send them again. – Kangoo13 Mar 27 '16 at 21:31
  • I parsed the hidden inputs too; you can see them parsed using simple html dom. – zoumou Mar 27 '16 at 22:21
  • I hate to be a downer on your question, but this seems like a really terrible idea. If your web app is compromised, an attacker could potentially transfer all the money out of your bank account. – Chris Mar 27 '16 at 22:34
  • There is no problem with that; it's meant to be used on an intranet, with a local computer. – zoumou Mar 27 '16 at 22:36
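A way to check, field by field, what a replayed request lacks compared with the browser's capture, as an added example that is not part of the question or of the comments above. It parses the same "name[value]" capture format shown in the question, reads the current form's inputs with DOMDocument (standing in for simple_html_dom), and reports browser fields the script omits and hidden-input values that no longer match the current page load; the capture excerpt, the form fragment and the script's field list are constructed samples, and the stale token value is a placeholder.

```php
<?php
// Added example, not the question's code. Given the "name[value]" post-data lines a browser
// capture shows, the <input> elements of the freshly loaded form, and the fields a replay
// script is about to send, report (a) browser fields the script omits and (b) hidden-input
// values the script sends that no longer match the current page load. All three inputs
// below are constructed samples in the same shape as the question's capture.

$browserCapture = <<<'CAP'
   Post Data:
      dialogActionPerformed[NEXT]
      taskOID[0153b9d514b35d5c837b347dd88e2e68db91]
      token[9e72005db5c4d37a5ab76cc681e30fb8d6]
      beneficiaire.nom[denis+turq]
      attribute%28%24SEL_%24lst1%29[*NEW*]
      beneficiaire.IBAN9.IBAN_part1[FR34]
      beneficiaire.IBAN9.IBAN_part7[J16]
   Response Headers:
      Date[Sun, 27 Mar 2016 20:50:30 GMT]
CAP;

$formHtml = <<<'HTML'
<form method="post" action="/cyber/internet/ContinueTask.do">
  <input type="hidden" name="taskOID" value="0153b9d514b35d5c837b347dd88e2e68db91">
  <input type="hidden" name="token" value="9e72005db5c4d37a5ab76cc681e30fb8d6">
  <input type="text" name="beneficiaire.nom" value="">
</form>
HTML;

// Constructed: what a replay script sends. One browser field is absent and the token
// was copied from an earlier page load instead of being read from the current form.
$scriptFields = array(
    'dialogActionPerformed'         => 'NEXT',
    'taskOID'                       => '0153b9d514b35d5c837b347dd88e2e68db91',
    'token'                         => '00000000000000000000000000000000ff',   // placeholder, stale
    'beneficiaire.nom'              => 'denis turq',
    'beneficiaire.IBAN9.IBAN_part1' => 'FR34',
    'beneficiaire.IBAN9.IBAN_part7' => 'J16',
);

// Read the "name[value]" lines that follow "Post Data:" up to the next section header.
// The capture shows names and values still percent-encoded, so both are decoded here.
function parseCapturedPostData(string $capture): array
{
    $fields = array();
    $inPost = false;
    foreach (preg_split('/\R/', $capture) as $line) {
        $line = trim($line);
        if ($line === 'Post Data:') { $inPost = true; continue; }
        if (!$inPost) { continue; }
        if (substr($line, -1) === ':') { break; }            // e.g. "Response Headers:"
        if (preg_match('/^(.*)\[(.*)\]$/', $line, $m)) {
            $fields[urldecode($m[1])] = urldecode($m[2]);
        }
    }
    return $fields;
}

// Collect every named <input> of the form with its value and whether it is hidden.
// DOMDocument stands in for the simple_html_dom calls used in the question.
function parseFormInputs(string $html): array
{
    $doc = new DOMDocument();
    @$doc->loadHTML($html);                                   // silence warnings on fragments
    $inputs = array();
    foreach ($doc->getElementsByTagName('input') as $input) {
        $name = $input->getAttribute('name');
        if ($name === '') { continue; }
        $inputs[$name] = array(
            'value'  => $input->getAttribute('value'),
            'hidden' => $input->getAttribute('type') === 'hidden',
        );
    }
    return $inputs;
}

// Compare the three views and return what the replay script must fix.
function diffReplay(array $browser, array $script, array $form): array
{
    $report = array('missing' => array(), 'stale' => array());
    foreach (array_keys($browser) as $name) {
        if (!array_key_exists($name, $script)) {
            $report['missing'][] = $name;
        }
    }
    foreach ($form as $name => $info) {
        if ($info['hidden'] && isset($script[$name]) && $script[$name] !== $info['value']) {
            $report['stale'][] = $name;
        }
    }
    return $report;
}

$report = diffReplay(parseCapturedPostData($browserCapture), $scriptFields, parseFormInputs($formHtml));
print_r($report);
```

With the constructed samples, the report lists `attribute($SEL_$lst1)` as missing and `token` as stale. The decoded names are compared on purpose: once the script builds its body with http_build_query() from clear field names, the browser capture's percent-encoded names have to be decoded before the two sets can be matched.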

0 Answers