Hypo CSV crawler - online banking statements downloader from Hypovereinsbank Munich, Germany using PHP & CURL CLI


/ Published in: PHP
Save to your folder(s)

updated 2013-04-18!

just replace the XXX fields with your own numbers. Then run this PHP Script from the command line (CLI mode). It will fetch the online statements from Hypovereinsbank direct banking.

The code works by tweaking CURL settings around the HTTPS connection.


Copy this code and paste it in your HTML
  1. <?php
  2. /**
  3.  * fetch CSV data from hypovereinsbank Direct B@nking
  4.  *
  5.  * @author CU
  6.  * @version 1.0
  7.  * @requires curl in CLI mode
  8.  */
  9.  
  10. getHypoData();
  11.  
  12. /**
  13.  * retrieves CSV data from hypovereinsbank Direct B@nking website.
  14.  * @return boolean successful or not
  15.  * @access public
  16.  * @static makes the class property accessible without needing an instantiation of the class
  17.  */
  18. function getHypoData()
  19. {
  20. # CONFIG
  21. $sleepMin = 5;
  22. $sleepMax = 10;
  23. # $proxyCfg = ' -x XXX.XXX.XXX.XXX:XXXX';
  24. $direktbankingNr = 'xxxxxxxxxxx';
  25. $pwdOnline = 'xxxxxxxxx';
  26. # CONFIG
  27.  
  28. # to use strftime's magic
  29. setlocale(LC_TIME, "de_DE");
  30.  
  31. $curlParameters = $proxyCfg. ' --silent --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" -b cookies_hypo.txt -c cookies_hypo.txt --location';
  32. # to debug CURL simply uncomment next line
  33. # $curlParameters = ' --include --trace-ascii debugdump0.txt '.$proxyCfg.' --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" -b cookies_hypo.txt -c cookies_hypo.txt --location';
  34.  
  35. if (file_exists('cookies_hypo.txt')) {
  36. unlink('cookies_hypo.txt') || die (print 'Cannot remove cookies_hypo.txt');
  37. }
  38. echo date('Y-m-d H:i:s') .' initial URL fetch' ."\n";
  39. $output = array();
  40. $run = exec('curl https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp '. $curlParameters, $output);
  41. if (!$run) {
  42. print "could not execute CURL line ". __LINE__;
  43. return false;
  44. }
  45. if (count($output)<=10 || count($output)>=1000) {
  46. print_r($output);
  47. print "FATAL: buggy input. ";
  48. return false;
  49. }
  50. $ViewState = '';
  51. # find the "ViewState"
  52. foreach ($output as $line) {
  53. if ($ViewState=='' && strpos($line, 'hidden')!==false && strpos($line, 'ViewState')!==false) {
  54. echo date('Y-m-d H:i:s') .' identified ViewState Line' ."\n";
  55. $challenge_line = split('"', $line);
  56. if ($ViewState = $challenge_line[7]) {
  57. echo date('Y-m-d H:i:s') .' identified ViewState: '. $ViewState ."\n";
  58. }
  59. }
  60. }
  61. if (strlen($ViewState)<=10 || strlen($ViewState)>=200) {
  62. echo date('Y-m-d H:i:s') .' FATAL: weird ViewState: '. $ViewState ."\n";
  63. return false;
  64. }
  65. sleep(rand($sleepMin,$sleepMax));
  66.  
  67. echo date('Y-m-d H:i:s') .' attempt login' ."\n";
  68. $output = array();
  69. $run = exec('curl https://my.hypovereinsbank.de/login?view=/privatkunden/login.jsp --data "username='. $direktbankingNr .'&px2='. $pwdOnline .'&secP=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF&fp=&directBankingLoginForm%3AloginPanel%3AloginCommand=Anmelden&directBankingLoginForm%3A_idcl=&directBankingLoginForm%3A_link_hidden_=&directBankingLoginForm_SUBMIT=1&javax.faces.ViewState='. $ViewState .'"'. $curlParameters, $output);
  70. if (!$run) {
  71. print "could not execute CURL line ". __LINE__;
  72. return false;
  73. }
  74. if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
  75. echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
  76. print_r($output);
  77. return false;
  78. }
  79. sleep(rand($sleepMin,$sleepMax));
  80.  
  81. echo date('Y-m-d H:i:s') .' attempt KONTO homepage' ."\n";
  82. $output = array();
  83. $run = exec('curl https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp '. $curlParameters, $output);
  84. if (!$run) {
  85. print "could not execute CURL line ". __LINE__;
  86. return false;
  87. }
  88. if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
  89. echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
  90. print_r($output);
  91. return false;
  92. }
  93. $ViewState = '';
  94. # find the changed "ViewState"
  95. foreach ($output as $line) {
  96. if ($ViewState=='' && strpos($line, 'hidden')!==false && strpos($line, 'ViewState')!==false) {
  97. echo date('Y-m-d H:i:s') .' identified ViewState Line' ."\n";
  98. $challenge_line = split('"', $line);
  99. if ($ViewState = $challenge_line[13]) {
  100. echo date('Y-m-d H:i:s') .' identified ViewState: '. $ViewState ."\n";
  101. }
  102. }
  103. }
  104. if (strlen($ViewState)<=10 || strlen($ViewState)>=200) {
  105. echo date('Y-m-d H:i:s') .' FATAL: weird ViewState: '. $ViewState ."\n";
  106. return false;
  107. }
  108. echo date('Y-m-d H:i:s') .' setting the time-frame' ."\n";
  109. $output = array();
  110. $fromMonth = strftime("%B+%Y", time() - 31*24*3600);
  111. $toMonth = strftime("%B+%Y", time() - 4*24*3600);
  112. $toDay = strftime("%d", time() - 4*24*3600);
  113. echo date('Y-m-d H:i:s') ." TIMEFRAME: 01+$fromMonth - $toDay+$toMonth" ."\n";
  114.  
  115. $run = exec('curl https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp --data "accountManagement%3AdayFrom=1&accountManagement%3AmonthFrom='. $fromMonth .'&accountManagement%3AdayTo='. $toDay .'&accountManagement%3AmonthTo='. $toMonth .'&accountManagement%3AnumberOfTurnovers=9999&accountManagement%3Arefresh=Anzeigen&accountManagement%3Apurpose=&accountManagement%3AamountMin=&accountManagement%3AamountMax=&accountManagement%3A_link_hidden_=&accountManagement%3A_idcl=&accountManagement_SUBMIT=1&&javax.faces.ViewState='. $ViewState .'"'. $curlParameters, $output);
  116. if (!$run) {
  117. print "could not execute CURL line ". __LINE__;
  118. return false;
  119. }
  120. if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
  121. echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
  122. print_r($output);
  123. return false;
  124. }
  125. sleep(rand($sleepMin,$sleepMax));
  126.  
  127. # fetch live & old Kontostand
  128. $liveStart = false;
  129. foreach ($output as $line) {
  130. if (strpos($line, 'Aktueller Kontosaldo')!== false) {
  131. $liveStart = true;
  132. }
  133. if (strpos($line, '</fieldset>')!== false) {
  134. $liveStart = false;
  135. }
  136. if ($liveStart && trim($line) == trim(strip_tags($line)) && strpos($line, 'EUR')!== false) {
  137. $Betrag[0] = trim(str_replace('EUR', '', $line));
  138. }
  139. if ($liveStart && strpos($line, 'negbal')!==false && strpos($line, 'EUR')!== false) {
  140. $Betrag[0] = trim(str_replace('EUR', '', strip_tags($line)));
  141. }
  142.  
  143. if (strpos($line, 'Kontostand am')!== false) {
  144. $linePart = strip_Tags(substr($line, strpos($line, 'Kontostand am')));
  145. $lineParts = explode(date('Y'), $linePart);
  146. $lineParts2 = explode(' ', trim(str_replace('EUR', '', $lineParts[1])));
  147. if ($lineParts2[1]) {
  148. $Betrag[1] = $lineParts2[1];
  149. } else {
  150. $Betrag[1] = trim(str_replace('EUR', '', $lineParts[1]));
  151. }
  152. }
  153. }
  154. echo date('Y-m-d H:i:s ') . ("Kontostand live ... " . $Betrag[0] ." EUR"). "\n";
  155. echo date('Y-m-d H:i:s ') . ("Kontostand old .... " . $Betrag[1] ." EUR"). "\n";
  156. if (!$Betrag) {
  157. print 'no Betrag in line: '. __LINE__;
  158. return false;
  159. }
  160. sleep(rand($sleepMin,$sleepMax));
  161.  
  162. echo date('Y-m-d H:i:s') .' attempt CSV Download' ."\n";
  163. $output = array();
  164. $run = exec('curl https://my.hypovereinsbank.de/portal?view=/banking/accountManagement.jsp --data "accountManagement%3AdayFrom=1&accountManagement%3AmonthFrom='. $fromMonth .'&accountManagement%3AdayTo='. $toDay .'&accountManagement%3AmonthTo='. $toMonth .'&accountManagement%3AnumberOfTurnovers=9999&accountManagement%3Apurpose=&accountManagement%3AamountMin=&accountManagement%3AamountMax=&accountManagement%3AbuttonNavigation%3Aj_id_id182=Download+Kontoums%E4tze+&accountManagement%3A_link_hidden_=&accountManagement%3A_idcl=&accountManagement_SUBMIT=1&&javax.faces.ViewState='. $ViewState .'"'. $curlParameters, $output);
  165. if (!$run) {
  166. print "could not execute CURL line ". __LINE__;
  167. return false;
  168. }
  169. if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
  170. echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
  171. print_r($output);
  172. return false;
  173. }
  174. if ($output) {
  175. $fileName = 'hypo_'.date('Y-m-d.H-i-s'). '.csv';
  176. $result = file_put_contents($fileName, implode("\n", $output)."\n") || die (print "could not dump CSV content to file");
  177. echo date('Y-m-d H:i:s') .' '. count($output). ' lines written to file: '. $fileName .''. "\n";
  178. }
  179. sleep(rand($sleepMin,$sleepMax));
  180.  
  181. echo date('Y-m-d H:i:s') .' attempt Logout' ."\n";
  182. $output = array();
  183. $run = exec('curl https://my.hypovereinsbank.de/login?view=/privatkunden/logout.jsp '. $curlParameters, $output);
  184. if (!$run) {
  185. print "could not execute CURL line ". __LINE__;
  186. return false;
  187. }
  188. if ((strpos(implode(' ', $output), 'LogIn HVB Direct'))) {
  189. echo date('Y-m-d H:i:s') .' FATAL: login page again!'. "\n";
  190. print_r($output);
  191. return false;
  192. }
  193. if ((strpos(implode(' ', $output), 'korrekt'))) {
  194. return true;
  195. }
  196. sleep(rand($sleepMin,$sleepMax));
  197.  
  198. return false;
  199. } // end func
  200.  
  201. # EOF
  202. ?>

URL: http://www.hypovereinsbank.de

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.