How-to log into HSBC online banking from the command-line

This is a description of the HTTP calls you need to make to achieve the log-in and account information retrieval I showed in my recent video.

Note that the content of cookies and session variables will be different each time, but examples are included here to illustrate what it going on.

Please let me know if you have similar information about a different online bank or find that this doesn’t work for you for some reason!

Getting to the login page

You can skip the HSBC homepage altogether and make a GET to:

http://www.hsbc.co.uk/1/2/HSBCINTEGRATION/

even without any cookies set. The response sets these cookies:

Set-Cookie: HSBC_COOKIEMI=e7f408d0-75f9-11de-8a43-000408000305;Domain=;Expires=Sun, 20-Jul-2014 13:25:06 GMT;Path=/
Set-Cookie: CAMToken=GCPyfe4/i1TFoVS3L/z4qRhzbNs=;Path=/1; Secure
Set-Cookie: piba=73472940.21248.0000; path=/

Submitting your Internet Banking number

Now POST to:

https://www.hsbc.co.uk/1/2/;jsessionid=0000EzVqNO88EsWt4lhQhIBMHVE:12c58sh8k?idv_cmd=idv.CustomerMigration

Note the jsessionid=... on the end of the URL, which is different for each session; the POSTed content:

userid=IBxxxxxxxxxx&StartMigration= 

The response is a 302 to (note the doubled jsessionid):

https://www.hsbc.co.uk/1/2/!ut/p/kcxml/04_Sj9SPykssy0xPLMnMz0vM0Y_QjzKLN4o38nYFSZnFm8cbm-pHmsWbxjt7QkQM4h3hAkH6BbmhEeWOiooAtvLMKw!!;jsessionid=0000EzVqNO88EsWt4lhQhIBMHVE:12c58sh8k;jsessionid=0000EzVqNO88EsWt4lhQhIBMHVE:12c58sh8k

that sets this cookie:

Set-Cookie: CAMToken=ItaH8ksgEuKY6vv6YC5nRJSTiEg=;Path=/1; Secure

The bits of your PIN that the system wants are contained in this structure in the content:

<div class="extPibRow hsbcRow">
<div class="logonPageAlignment">

         <strong>The</strong>
         <span class="hsbcTextHighlight">&#160;<strong>FIRST</strong></span>
         &nbsp;<strong>and</strong>
         <span class="hsbcTextHighlight">&#160;<strong>NEXT TO LAST</strong></span>
         &nbsp; <strong>and</strong>
         <span class="hsbcTextHighlight">&#160;<strong>LAST</strong></span>

Submitting login details

POST to:

https://www.hsbc.co.uk/1/2/;jsessionid=0000PPUs1fHtg7XOIHMqjvIsoHW:11j74lld0;jsessionid=0000PPUs1fHtg7XOIHMqjvIsoHW:11j74lld0?idv_cmd=idv.Authentication

with content:

userid=IBxxxxxxxxxx&memorableAnswer=xxxxxx&password=xxx

memorableAnswer is date-of-birth formatted ddmmyy
The response is a 302 with this location:

https://www.hsbc.co.uk/1/2/!ut/p/kcxml/04_Sj9SPykssy0xPLMnMz0vM0Y_QjzKLN4w38nYFSZnFm8cbm-pHoggZxDuiiZjEm7khhIL0C3JDQyPKHRUBimrSIQ!!;jsessionid=0000PPUs1fHtg7XOIHMqjvIsoHW:11j74lld0;jsessionid=0000PPUs1fHtg7XOIHMqjvIsoHW:11j74lld0

which sets these cookies:

Set-Cookie: CAMToken=1HOPXe7zOn2qQ/dp28qb1yeozS0=;Path=/1; Secure

Continuing with login

An additional step happens due to the JavaScript in the page. There is a GET to:

https://www.hsbc.co.uk/1/2/personal/internet-banking;jsessionid=0000PPUs1fHtg7XOIHMqjvIsoHW:11j74lld0;jsessionid=0000PPUs1fHtg7XOIHMqjvIsoHW:11j74lld0?BlitzToken=blitz

The response is a 200.

What you can get once you’re logged in – example – accounts’ balance

The account summary information on the left-hand column is in a structure like this:

<div id="jsAccountDetails" class="hsbcDivletBoxContent">
<div class="hsbcDivletBoxTitle" id="jsHideAccounts" style="display: none;">
<div class="hsbcDivletBoxRow">
			<a title="Hide my balances summary" onkeypress="this.onclick" onclick="hideAccounts(); return false;" href="#" class="hsbcDivletBoxRowText">
				<span class="hsbcDivletBoxRowImage">
					<img border="0" title="Hide my balances summary" src="/1/themes/html/hsbc_ukpersonal_ib/icon_balances.gif"/>
				</span>
				<span>Hide balances</span>
			</a></div>
<div class="hsbcSeparator"/></div>
<div class="hsbcDivletBoxRow hsbcDivletBoxRowNoLink">
			<span class="hsbcDivletBoxRowText">
				<strong>GRAD PLUS</strong>
			</span></div>
<div class="hsbcDivletBoxRow hsbcDivletBoxRowNoLink">
			<span class="hsbcDivletBoxRowText">LISTER JR</span></div>
<div class="hsbcDivletBoxRow hsbcDivletBoxRowNoLink">
			<span class="hsbcDivletBoxRowText">			40-27-16 91466410			</span></div>
<div class="hsbcDivletBoxRow hsbcDivletBoxRowNoLink">
			<span class="hsbcDivletBoxRowText">
				<strong> £ xx.xx  C</strong>
			</span></div>
<div class="hsbcSeparator"></div>
</div>
</div>
About these ads

2 Comments

  1. Posted August 27, 2009 at 1:44 pm | Permalink

    now could you tell me the final three digits on the bank of your card?
    —-
    george agdgdgwngo

  2. Jean Spode
    Posted September 19, 2009 at 1:11 am | Permalink

    Are well I only wanted to log on to my internet banking but how on earth do I do that now


One Trackback/Pingback

  1. [...] How-to log into HSBC online banking from the command-line « Jay by Jay Fresh http://www.jaybyjayfresh.com/2009/08/14/how-to-log-into-hsbc-online-banking-from-the-command-line/ – view page 14 Aug 2009 … https://www.hsbc.co.uk/1/2/personal/internet-banking … Are well I only wanted to log on to my internet banking but how on earth do I do Related Posts:Internet Banking: Our online banking service: HSBC Bank UKPersonal banking: Bank Accounts, Mortgages, Online | HSBC Bank UKBusiness Internet Banking: Business Banking: HSBC UKHSBC.comBusiness Home: HSBC UK [...]

Follow

Get every new post delivered to your Inbox.