This is a description of the HTTP calls you need to make to achieve the log-in and account information retrieval I showed in my recent video.
Note that the content of cookies and session variables will be different each time, but examples are included here to illustrate what is going on.
Please let me know if you have similar information about a different online bank or find that this doesn’t work for you for some reason!
Getting to the login page
You can skip the HSBC homepage altogether and make a GET to:
http://www.hsbc.co.uk/1/2/HSBCINTEGRATION/
even without any cookies set. The response sets these cookies:
Set-Cookie: HSBC_COOKIEMI=e7f408d0-75f9-11de-8a43-000408000305;Domain=;Expires=Sun, 20-Jul-2014 13:25:06 GMT;Path=/
Set-Cookie: CAMToken=GCPyfe4/i1TFoVS3L/z4qRhzbNs=;Path=/1; Secure
Set-Cookie: piba=73472940.21248.0000; path=/
Submitting your Internet Banking number
Now POST to:
https://www.hsbc.co.uk/1/2/;jsessionid=0000EzVqNO88EsWt4lhQhIBMHVE:12c58sh8k?idv_cmd=idv.CustomerMigration
Note the jsessionid=... on the end of the URL, which is different for each session. The POSTed content is:
userid=IBxxxxxxxxxx&StartMigration=
The response is a 302 to (note the doubled jsessionid):
https://www.hsbc.co.uk/1/2/!ut/p/kcxml/04_Sj9SPykssy0xPLMnMz0vM0Y_QjzKLN4o38nYFSZnFm8cbm-pHmsWbxjt7QkQM4h3hAkH6BbmhEeWOiooAtvLMKw!!;jsessionid=0000EzVqNO88EsWt4lhQhIBMHVE:12c58sh8k;jsessionid=0000EzVqNO88EsWt4lhQhIBMHVE:12c58sh8k
that sets this cookie:
Set-Cookie: CAMToken=ItaH8ksgEuKY6vv6YC5nRJSTiEg=;Path=/1; Secure
The bits of your PIN that the system wants are contained in this structure in the content:
<div class="extPibRow hsbcRow">
<div class="logonPageAlignment">
<strong>The</strong>
<span class="hsbcTextHighlight"> <strong>FIRST</strong></span>
<strong>and</strong>
<span class="hsbcTextHighlight"> <strong>NEXT TO LAST</strong></span>
<strong>and</strong>
<span class="hsbcTextHighlight"> <strong>LAST</strong></span>
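Reading that challenge programmatically, as an added example (not code from the original post): it pulls the highlighted labels out of the markup, maps them to character positions and fails closed on anything it does not recognise instead of submitting a guess. Only FIRST, NEXT TO LAST and LAST are shown on this page; the other labels in the table, the function names and the sample secret are assumptions.

```python
from html.parser import HTMLParser

# FIRST, NEXT TO LAST and LAST appear on the page; the other labels are assumed.
ORDINALS = {"FIRST": 0, "SECOND": 1, "THIRD": 2, "FOURTH": 3, "FIFTH": 4,
            "SIXTH": 5, "SEVENTH": 6, "EIGHTH": 7, "NEXT TO LAST": -2, "LAST": -1}

class ChallengeParser(HTMLParser):
    """Collects <strong> text found inside span.hsbcTextHighlight elements."""
    def __init__(self):
        super().__init__()
        self.in_highlight = self.in_strong = False
        self.labels = []
    def handle_starttag(self, tag, attrs):
        classes = (dict(attrs).get("class") or "").split()
        if tag == "span" and "hsbcTextHighlight" in classes:
            self.in_highlight = True
        elif tag == "strong" and self.in_highlight:
            self.in_strong = True
    def handle_endtag(self, tag):
        if tag == "span":
            self.in_highlight = False
        elif tag == "strong":
            self.in_strong = False
    def handle_data(self, data):
        label = " ".join(data.split()).upper()  # collapse whitespace
        if self.in_strong and label:
            self.labels.append(label)

def requested_positions(html, expected=3):
    """Return string indexes for the requested characters, or raise."""
    parser = ChallengeParser()
    parser.feed(html)
    unknown = [l for l in parser.labels if l not in ORDINALS]
    if unknown or len(parser.labels) != expected:
        raise ValueError(f"unrecognised challenge: {parser.labels}")
    return [ORDINALS[l] for l in parser.labels]

def challenge_response(html, secret):
    """Pick the requested characters out of secret, in the order asked."""
    positions = requested_positions(html)
    if any(p >= len(secret) or -p > len(secret) for p in positions):
        raise ValueError("secret is shorter than a requested position")
    return "".join(secret[p] for p in positions)

# Challenge markup as shown on the page, joined onto fewer lines.
SAMPLE = ('<div class="extPibRow hsbcRow"><div class="logonPageAlignment"><strong>The</strong>'
          '<span class="hsbcTextHighlight"> <strong>FIRST</strong></span><strong>and</strong>'
          '<span class="hsbcTextHighlight"> <strong>NEXT TO LAST</strong></span><strong>and</strong>'
          '<span class="hsbcTextHighlight"> <strong>LAST</strong></span>')
```

With the constructed secret "482916", challenge_response(SAMPLE, "482916") gives "416", which is the three-character value that goes in the password field of the next POST.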
Submitting login details
POST to:
https://www.hsbc.co.uk/1/2/;jsessionid=0000PPUs1fHtg7XOIHMqjvIsoHW:11j74lld0;jsessionid=0000PPUs1fHtg7XOIHMqjvIsoHW:11j74lld0?idv_cmd=idv.Authentication
with content:
userid=IBxxxxxxxxxx&memorableAnswer=xxxxxx&password=xxx
memorableAnswer is date-of-birth formatted ddmmyy
The response is a 302 with this location:
https://www.hsbc.co.uk/1/2/!ut/p/kcxml/04_Sj9SPykssy0xPLMnMz0vM0Y_QjzKLN4w38nYFSZnFm8cbm-pHoggZxDuiiZjEm7khhIL0C3JDQyPKHRUBimrSIQ!!;jsessionid=0000PPUs1fHtg7XOIHMqjvIsoHW:11j74lld0;jsessionid=0000PPUs1fHtg7XOIHMqjvIsoHW:11j74lld0
which sets these cookies:
Set-Cookie: CAMToken=1HOPXe7zOn2qQ/dp28qb1yeozS0=;Path=/1; Secure
Continuing with login
An additional step happens due to the JavaScript in the page. There is a GET to:
https://www.hsbc.co.uk/1/2/personal/internet-banking;jsessionid=0000PPUs1fHtg7XOIHMqjvIsoHW:11j74lld0;jsessionid=0000PPUs1fHtg7XOIHMqjvIsoHW:11j74lld0?BlitzToken=blitz
The response is a 200.
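The session state a client has to carry between these calls, as an added example (not code from the original post): it applies each response's Set-Cookie lines to a jar, works out which cookies belong on the next request given their Path and Secure attributes, and reads the jsessionid out of a URL even when it is doubled. The function names are assumptions, and cookie expiry is ignored.

```python
import re
from urllib.parse import urlsplit

def parse_set_cookie(line):
    """Split one 'Set-Cookie: ...' header line into (name, value, attributes)."""
    parts = [p.strip() for p in line.split(":", 1)[1].split(";")]
    name, _, value = parts[0].partition("=")  # value may itself contain '='
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return name, value, attrs

def update_jar(jar, header_lines):
    """Apply a response's Set-Cookie lines; a repeated name replaces the old value."""
    for line in header_lines:
        name, value, attrs = parse_set_cookie(line)
        jar[name] = {"value": value, "path": attrs.get("path") or "/",
                     "secure": "secure" in attrs}

def path_matches(request_path, cookie_path):
    """RFC 6265 path-match: equal, or a prefix that ends at a '/' boundary."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

def cookie_header(jar, url):
    """Cookie header value for url. Expiry is ignored in this sketch."""
    u = urlsplit(url)
    return "; ".join(f"{n}={c['value']}" for n, c in jar.items()
                     if path_matches(u.path or "/", c["path"])
                     and (u.scheme == "https" or not c["secure"]))

def session_ids(url):
    """Distinct ;jsessionid= path parameters, so a doubled one yields one value."""
    return list(dict.fromkeys(re.findall(r";jsessionid=([^;?#]+)", url)))

# Header lines and URL copied from the captures on this page.
FIRST_RESPONSE = [
    "Set-Cookie: HSBC_COOKIEMI=e7f408d0-75f9-11de-8a43-000408000305;Domain=;Expires=Sun, 20-Jul-2014 13:25:06 GMT;Path=/",
    "Set-Cookie: CAMToken=GCPyfe4/i1TFoVS3L/z4qRhzbNs=;Path=/1; Secure",
    "Set-Cookie: piba=73472940.21248.0000; path=/",
]
SECOND_RESPONSE = ["Set-Cookie: CAMToken=ItaH8ksgEuKY6vv6YC5nRJSTiEg=;Path=/1; Secure"]
AUTH_URL = ("https://www.hsbc.co.uk/1/2/;jsessionid=0000PPUs1fHtg7XOIHMqjvIsoHW:11j74lld0"
            ";jsessionid=0000PPUs1fHtg7XOIHMqjvIsoHW:11j74lld0?idv_cmd=idv.Authentication")
```

After both responses are applied, the jar holds only the newer CAMToken, and cookie_header leaves CAMToken out for the plain http:// URL from the first step because the cookie is marked Secure.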
What you can get once you’re logged in – example – accounts’ balance
The account summary information on the left-hand column is in a structure like this:
<div id="jsAccountDetails" class="hsbcDivletBoxContent">
  <div class="hsbcDivletBoxTitle" id="jsHideAccounts" style="display: none;">
    <div class="hsbcDivletBoxRow">
      <a title="Hide my balances summary" onkeypress="this.onclick" onclick="hideAccounts(); return false;" href="#" class="hsbcDivletBoxRowText">
        <span class="hsbcDivletBoxRowImage"> <img border="0" title="Hide my balances summary" src="/1/themes/html/hsbc_ukpersonal_ib/icon_balances.gif"/> </span>
        <span>Hide balances</span>
      </a></div>
    <div class="hsbcSeparator"/></div>
  <div class="hsbcDivletBoxRow hsbcDivletBoxRowNoLink"> <span class="hsbcDivletBoxRowText"> <strong>GRAD PLUS</strong> </span></div>
  <div class="hsbcDivletBoxRow hsbcDivletBoxRowNoLink"> <span class="hsbcDivletBoxRowText">LISTER JR</span></div>
  <div class="hsbcDivletBoxRow hsbcDivletBoxRowNoLink"> <span class="hsbcDivletBoxRowText"> 40-27-16 91466410 </span></div>
  <div class="hsbcDivletBoxRow hsbcDivletBoxRowNoLink"> <span class="hsbcDivletBoxRowText"> <strong> £ xx.xx C</strong> </span></div>
  <div class="hsbcSeparator"></div>
  </div>
</div>

5 Comments
now could you tell me the final three digits on the bank of your card?
—-
george agdgdgwngo
Are well I only wanted to log on to my internet banking but how on earth do I do that now
Why Does My Internet Bank Suck? Please help me !
You really make it appear so easy together with your presentation but I find this topic to be actually something which I feel I’d never understand. It seems too complicated and extremely wide for me. I’m having a look ahead to your next submit, I’ll try to get the dangle of it!
hi…