Login and scrape NAB page with PHP and CURL

I was after an automated way to determine if payments had come into my nab.com.au account.

For some reason, NAB makes it very difficult to log in with PHP and CURL. The main issue is that they perform some client-side password encoding with JavaScript.

Here is the code:

	// The following function emulates the JavaScript password encoding:
	// $p is the password, $k the page's webKey, $a the page's webAlpha.
	function check($p, $k, $a) {
		$r = array();
		for ($i = 0; $i < strlen($p); $i++) {
			$p_charAt = substr($p, $i, 1);
			$r[$i] = $p_charAt;
			$pi = strpos($a, $p_charAt);

			// strpos() returns false, not -1, when the character is absent
			if ($pi !== false && $i < strlen($k)) {
				$k_charAt = substr($k, $i, 1);
				$ki = strpos($a, $k_charAt);
				if ($ki !== false) {
					// shift back by the key character's index, wrapping around
					$pi -= $ki;
					if ($pi < 0) {
						$pi += strlen($a);
					}
					$a_charAt = substr($a, $pi, 1);
					$r[$i] = $a_charAt;
				}
			}
		}
		return implode($r);
	}

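	// credentials and cookie file (the environment variable names are placeholders)
	$userid = getenv('NAB_USERID');
	$password = getenv('NAB_PASSWORD');
	$cookies = tempnam(sys_get_temp_dir(), 'nab');

	//grab the login page
	$curl = curl_init();
	// keep certificate verification on: the credentials travel over this connection
	curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);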
	curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1');
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($curl, CURLOPT_FOLLOWLOCATION, false);
	curl_setopt($curl, CURLOPT_REFERER, 'http://www.nab.com.au/cgi-bin/ib/301_start.pl?browser=correct');
	curl_setopt($curl, CURLOPT_COOKIEFILE, $cookies);
	curl_setopt($curl, CURLOPT_COOKIEJAR, $cookies);
	curl_setopt($curl, CURLOPT_URL, 'https://ib.nab.com.au/nabib/index.jsp');
	$ret = curl_exec ($curl);
	curl_close ($curl);

	if (preg_match('/id="webKey"\s*value=\s*"(.*?)"/i', $ret, $regs)) {
		$webKey = $regs[1];
	}
	if (preg_match('/id="webAlpha"\s*value=\s*"(.*?)"/i', $ret, $regs)) {
		$webAlpha = $regs[1];
	}

	if (preg_match('/name="org\.apache\.struts\.taglib\.html\.TOKEN"\s*value=\s*"(.*?)"/i', $ret, $regs)) {
		$token = $regs[1];
	}

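	// stop if the login page did not contain the expected fields
	if (!isset($webKey, $webAlpha, $token)) {
		die('Login page fields not found');
	}

	$password = urlencode(check($password, $webKey, $webAlpha));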

	//login page
	$curl = curl_init();
	// keep certificate verification on for the login POST as well
	curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
	curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1');
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($curl, CURLOPT_REFERER, 'https://ib.nab.com.au/nabib/index.jsp');
	curl_setopt($curl, CURLOPT_COOKIEFILE, $cookies);
	curl_setopt($curl, CURLOPT_COOKIEJAR, $cookies);
	curl_setopt($curl, CURLOPT_POST, 1);
	curl_setopt($curl, CURLOPT_POSTFIELDS, "org.apache.struts.taglib.html.TOKEN={$token}&userid={$userid}&password={$password}&charityId=&applyOffers=&applyMyOffers=&applyHomeLoan=&applyPersonalLoan=&applyAcctSavings=&applyAcctTran=&applyTermDeposits=&applyCreditCards=&applyCreditCardLimit=&statementSettings=&newBillPayment=&newInternationalPayment=&login=Login");
	curl_setopt($curl, CURLOPT_URL, 'https://ib.nab.com.au/nabib/loginProcess.ctl');
	$ret = curl_exec ($curl);
	curl_close ($curl);
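
As an added example (not code from the original post), the sketch below restates the encoding as a per-character shift over webAlpha and shows that the same shift in the other direction undoes it, so the encoding is obfuscation and the password's confidentiality rests on certificate-verified TLS. The alphabet, key and password are constructed sample values, the alphabet is assumed to contain no repeated characters, and `shift_chars` is a hypothetical helper name.

```php
<?php
// Added example with constructed inputs; these are not values served by the bank.
// $dir = -1 reproduces the page's check(); $dir = +1 undoes it.
function shift_chars(string $p, string $k, string $a, int $dir): string {
    $n = strlen($a);
    $out = '';
    for ($i = 0; $i < strlen($p); $i++) {
        $c  = $p[$i];
        $pi = strpos($a, $c);
        // characters past the end of the key have no key character to shift by
        $ki = $i < strlen($k) ? strpos($a, $k[$i]) : false;
        if ($pi !== false && $ki !== false) {
            // shift by the key character's index, wrapping around the alphabet
            $c = $a[((($pi + $dir * $ki) % $n) + $n) % $n];
        }
        $out .= $c;
    }
    return $out;
}

$alpha = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; // constructed alphabet, no repeats
$key   = 'K3Y9';                                  // constructed key, shorter than the password
$plain = 'PASS-WORD1';                            // constructed password

$encoded = shift_chars($plain, $key, $alpha, -1);
$decoded = shift_chars($encoded, $key, $alpha, +1);

echo "encoded: $encoded\n";
echo "decoded: $decoded\n";
var_dump($decoded === $plain);
```

In this constructed run the key is shorter than the password, so the characters past the key's length, and the `-` that is not in the alphabet, pass through unchanged.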

Thanks to this page for pointing me in the right direction.

