Online Banking... host not found...

Steve4242
Sun Jan 20, 2019 1:54 pm
I'm just switching from Quicken to KMyMoney and one of my key banks is shown in the supported list of institutions, but the instant it goes for update, I get 'host not found'. I use this institution in Q with no problems. Calls to the institution have been met by script-reading drones that tell me this is not supported. FWIW, here are the institution specifics from KMyMoney.

Details for Hudson Valley FCU:
Fipid: 695
URL: https://internetbanking.hvfcu.org/ofx/ofx.dll
Org: Hudson Valley FCU
Fid: 10767
Supports online statements
Supports investments

I tried farting around a little with the 'header versions' and 'Identify as' in the pull downs with no luck. I'm using 4.8.0 in win10.

Is there a simple way I can snoop the address Quicken is using??

Tx in advance for any tips...
ipwizard
KDE Developer
The host internetbanking.hvfcu.org is in fact not known on the internet (DNS=Domain Name System). According to OFX Home the URL you use has been broken since 2015.
Code:
~/devel/kmymoney (5.0)$ ping internetbanking.hvfcu.org
ping: internetbanking.hvfcu.org: Name or service not known
How to get hold of the correct hostname? Use Wireshark and analyze the DNS requests and responses while you do banking with Q. That unveils at least the hostname. Did you ever contact their customer support (though usually this is a dead end)?

Hope that helps.


ipwizard, proud to be a member of the KMyMoney forum since its beginning. :-D
openSuSE Leap 15.0 64bit, KF5
Steve4242
Wireshark..... You have just given a chainsaw to a 7 year old ;D

I'm definitely in over my head with this tool, but if I bracket the tracing to a Quicken lookup for just this account, I don't even see any DNS requests. I wonder if those dogs at Q keep the host names on their own server to prevent snooping?

I do have a ticket into the bank, but I expect it to prove fruitless. I wonder where the developers get the data from???
ostroffjh
Well, if you look at ofxhome.com, it shows that the info for hvfcu was last validated on July 2nd, 2015 due to invalid URL, although the next attempt is not listed until March 10, 2018. It also shows a security certificate problem.
If you do limit the Wireshark capture to the Q update, hopefully you can find some other address xxxx for xxxx.hvfcu.org. Either that, or maybe they have outsourced their OFX handling, so the URL will be completely different.
Have you looked at https://www.hvfcuonline.org/onlineserv/ ... gister.cgi? The header says Hawaii State FCU, but all the text says Hudson Valley FCU. I wouldn't enter any personal info without confirming who the site really belongs to, but it might provide a lead.
Finally, out of curiosity - try using ib.hvfcu.org. I found that by searching for subdomains of hvfcu.org. It sounds like internetbanking shortened.
ipwizard
Steve4242 wrote: Wireshark..... You have just given a chainsaw to a 7 year old ;D

It's probably more of a gigantic looking glass because you cannot do any harm with it compared to using a chainsaw. :D I'd call sudo rm -rf / a real chainsaw.
Steve4242 wrote: I'm definitely in over my head with this tool, but if I bracket the tracing to a quicken lookup for just this account, I don't even see any DNS requests. I wonder if those dogs at Q keep the host names on their own server to prevent snooping?

I doubt that, but it could well be. Look for traffic on TCP port 443 (the filter expression for Wireshark would be 'tcp.port == 443') while you do the update. Using the IP address of the distant end of the connection one could possibly find out the name to use (we call it reverse DNS lookup and you could do it e.g. via http://dnsgoodies.com/). Also the Wireshark menu option Statistics->Conversations gives you an overview of what was recorded. Maybe you spot something there.
Steve4242 wrote: I do have a ticket into the bank, but I expect it to prove fruitless. I wonder where the developers get the data from???

Would be cool if you could let us know what they come up with.


Steve4242
> Have you looked at https://www.hvfcuonline.org/onlineserv/ ... gister.cgi? The header says Hawaii State FCU, but all the text says Hudson Valley FCU. I wouldn't enter any personal info without confirming who the site really belongs to, but it might provide a lead.
> Finally, out of curiosity - try using ib.hvfcu.org. I found that by searching for subdomains of hvfcu.org. It sounds like internetbanking shortened.

Very interesting on the Hawaii CU. When viewed with a browser, even the https validates as the Hudson Valley credit union. I tried https://ib.hvfcu.org/ofx/ofx.dll, it did look like it got further, but ended in: "Could not connect to host www.hvfcuonline.org: SSL negotiation failed."

> traffic on tcp port 443
Ah, the specific wireshark filter was a help here....

There are a bunch of faulty exchanges to an IP that does not show up in a DNS lookup.
103 5.542160 52.114.158.91 192.168.0.100 TCP 64 443 → 64649 [ACK] Seq=4198 Ack=11814 Win=262656 Len=0 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

There looks to be a valid exchange to 63.172.234.77 which is registered to a company that provides inline banking services to credit unions (!). But even if this were the right address, one would have to mine out the full path. I'm sure you IP gurus can do it, but not me! I do know just enough unix to know rm -r is really bad, and no warning shows in unix either!
ipwizard
It seems that the name is an intermediate name. The name to be used seems to be ofxdc.prd1.ncr.com. It could be that other traffic is rejected/dropped.

Code:
ofxdc.prd1.ncr.com.     300     IN      CNAME   ofxdi.prd1.lb.digitalinsight.com.
ofxdi.prd1.lb.digitalinsight.com. 30 IN A       63.172.234.77

I found the TLS certificate to be issued for that name connecting to the server. The full path can only be found with tools like ZAP (https://www.owasp.org/index.php/OWASP_Z ... xy_Project) which allows you to see the un-encrypted traffic on your local machine. We might be able to help to analyze any traced data but we cannot create the trace.


ipwizard, proud to be a member of the KMyMoney forum since its beginning. :-D
openSuSE Leap 15.0 64bit, KF5

 