2

My bank has a mobile site that I want to log into automatically. This is the webpage https://ib.absa.co.za/ib/AuthenticateW.do?icmpid=BAC00414.

Here is my code so far.

    browser = (WebView)findViewById(R.id.webView1);
    browser.getSettings().setJavaScriptEnabled(true);

        ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(2);
        nameValuePairs.add(new BasicNameValuePair("AccessAccount", "my_account_nr"));
        nameValuePairs.add(new BasicNameValuePair("PIN", "my_pin"));

        try {
            browser.loadData(CustomHttpClient.executeHttpPost(BASE_URL, nameValuePairs), "text/html", "utf-8");
        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

BASE_URL is the link at the top. I got the CustomHttpClient from http://code.google.com/p/virtualwalks/source/browse/trunk/virtualwalks/project7/Android/CustomHttpClient.java?spec=svn177&r=177

Here is the webpage headers:

Request URL:https://ib.absa.co.za/ib/AuthenticateW.do?icmpid=BAC00414

Request Method:GET

Status Code:200 OK

Request Headersview source

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8

Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3

Accept-Encoding:gzip,deflate,sdch

Accept-Language:en-US,en;q=0.8,af;q=0.6

Connection:keep-alive

Host:ib.absa.co.za

Referer:http://www.absa.mobi/

User-Agent:Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; Nexus S Build/GRK39F) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1

Query String Parametersview URL encoded

icmpid:BAC00414

Response Headersview source

Cache-Control:no-cache, must-revalidate

Connection:Keep-Alive

Content-Encoding:gzip

Content-Language:en-US

Content-Type:text/html;charset=ISO-8859-1

Date:Wed, 10 Oct 2012 07:57:50 GMT

Expires:Sun, 12 Jul 1970 2:00:00 GMT

Keep-Alive:timeout=10, max=20

Pragma:no-cache

Set-Cookie:JSESSIONID=0000CTls0Onsd_DJkBrN0FLy9eq:11l21e8a2; Path=/ib; Domain=absa.co.za;Secure

Transfer-Encoding:chunked

Vary:Accept-Encoding,User-Agent

and the html code:

<html>

Absa Mobile Banking 

<body text="#000000" bgcolor="#FFFFFF">
    <p align="left" style="text-align:left;" class="pgHeadTop"><img src="/ib/images/wap/menu/absa_98x27.gif" alt="Logo" border="0"> <p align="left" style="text-align:left;" class="pgHeadBottom">Logon </p>

        <form action="https://vs1.absa.co.za/ib/AuthenticateW.do;jsessionid=0000CTls0Onsd_DJkBrN0FLy9eq:11l21e8a2" method="post" autocomplete="OFF"><input type="hidden" name="_channelIdentifier_" value="W">


                <p align="left" style="text-align:left;">
                    <p align="left" style="text-align:left;" class="tooltip">Enter your access account number</p>
                    <input type="text" name="AccessAccount" value="" maxlength="16" size ="16" istyle="4">
                </p>

            <p align="left" style="text-align:left;">
                <p align="left" style="text-align:left;" class="tooltip">Enter your PIN</p>
                <input type="password" name="PIN" value="" maxlength="5" size ="5" istyle="4">
            </p>
            <p align="left" style="text-align:left;">
                <p align="left" style="text-align:left;" class="tooltip">Enter your user number</p>
                <input type="text" name="user" value="1" maxlength="4" size ="5" istyle="4">
            </p>
            <p align="left" style="text-align:left;">
                <p align="left" style="text-align:left;" class="heading">It is your responsibility to ensure the secrecy of your PIN number.</p>
            </p>
            <p align="left" style="text-align:left;">
                <input type="submit" name="button_processPIN" value="Next &gt;" /><input type="hidden" name="processPIN_params" value="controller=com.sirius.apps.ib.view.wap.user.AuthenticateCntrl&amp;state=processPIN"/><input type="hidden" name="processPIN_encoding" value="u"/><input type="hidden" name="cmd" value="button"/>
            </p>
            <input type="hidden" name="AUTH_RND" value="a2f7ea6e">
            <input type="hidden" name="JAVASCRIPT" value="Y">
            <input type="hidden" name="LOGON" value="1">
        </form>
        <p align="left" style="text-align:left;" class="pageFooter"><a href="https://ib.absa.co.za/ib/RegisterW.do;jsessionid=0000CTls0Onsd_DJkBrN0FLy9eq:11l21e8a2?_Uid_=1&amp;_channelIdentifier_=W&amp;_language_=en" style="color:#FFFFFF;">Register</a> | <a href="https://ib.absa.co.za/ib/ContactUsW.do;jsessionid=0000CTls0Onsd_DJkBrN0FLy9eq:11l21e8a2?_Uid_=1&amp;_channelIdentifier_=W&amp;_language_=en" style="color:#FFFFFF;">Contact</a> | </p><p align="right" style="text-align:right;" class="body"><img src="/ib/images/wap/menu/barclays_84x25.gif" alt="Barclays" border="0"></p>



</body>

If I run the program it just loads the login page.

Just hoping someone could shed some light on this and if it's possible to do, or if my code is faulty/lacking/silly.

LeftOfHere
  • 43
  • 6

1 Answers1

0

They probably match the user-agent and you probably don't have a valid user agent when using this custom http client.

Set the user-agent to the same that your android browser uses and you should be able to load the page.

One possible value for this is:

Mozilla/5.0 (Linux; U; Android 1.1; en-gb; dream) AppleWebKit/525.10+ (KHTML, like Gecko) Version/3.0.4 Mobile Safari/523.12.2 – G1 Phone

Otherwise, get it programatically: Retrieve User-Agent programmatically

Community
  • 1
  • 1
Pedro Loureiro
  • 11,436
  • 2
  • 31
  • 37
  • Thanks for the reply, but that wasn't it. I got a bit further by changing the BASE_URL to https://ib.absa.co.za/ib/AuthenticateW.do;jsessionid=0000jZVR5d-ZE4uCMrzIGIW_euZ:11I9gc802?_channelIdentifier_=W&_language_=en, but now it just loads the login page and ignores my auto log in attempts. Any thoughts on that would be appreciated. – LeftOfHere Oct 08 '12 at 15:04