in reply to In-browser mech-like thing?

You're going to run into a wall called cross site request forgery (xsrf). What you're probably going to want to do is make a type of web proxy (something like this already exists though?) that takes the login, scrapes the page, takes more info and scrapes the page, and continues to repeat the process.

Either way, what you're asking about is a directed man in the middle attack. It might be completely legitimate because of the company policy of where your users work or some other law (I can't think of how or why and I doubt this is legitimate). But that should start you on enough resources to do what you want to do.

Re^2: In-browser mech-like thing?
by Anonymous Monk on Oct 31, 2010 at 11:00 UTC
    I can't think of a legitimate use for this. Having a 3rd-party BROWSER addon do automated logins on behalf of users to banks means that it needs to store login/pass for users... this is pretty much against most banking regulations, AFAIK.
      And furthermore, since the entire session (not just the login) is likely to be HTTPS, you won't be able to scrape the gibberish. You can automate pressing buttons etc., but the HTTPS info sent from the server will not be intelligible, AFAIK.
      the hardest line to type correctly is: stty erase ^H
        If we implement the scraper as a browser plugin/addon, the browser will provide the HTTPS content (and even the DOM) for us. IIRC, Chrome permits an addon/extension to insert some script into any page and do cross-domain AJAX requests (after the user allows it).

      Not necessarily, if the user/pass is stored by the browser addon in-memory for the current browsing session only. The user will then be slightly inconvenienced by having to enter a user/pass in the morning, but during the day as long as it does not close the browser, the browser addon can periodically login+logout on behalf of the user to check for new transactions.

      Also, how is this different from browsers themselves saving login username/password for the user (by explicit consent from the user)? Do banks in the US explicitly forbid this browser feature?