automating logins

berrypendel

Is there anyway to automate the log in to 02 money online account. There is no option to remember the password from firefox. I presume 02 have this disabled for security reasons?

On say amazon one can remember the username/password. Could one write a script or program to enter the username/password when the page is opened. If so how is this done? Same thing on Bord Gais account

And on AIB. A problem I can see with AIB is that there are some random numbers. There is an eight digit static number, three digit random and three digit static numbers to log in. By static I mean always the same as you probably know

This is for my own use on my own computer which no one else has access to and is because I want to be able to log in without continually entering email addresses/passwords/numbers. also i am interested in learning how to do it justvfor the interest

dilallio

I don't know, but I would imagine that there is no easy way to do this. Otherwise the banks might leave themselves open to possible claims from people whose pc / laptop was stolen and bank accounts accessed.

It's really not a good idea to set up an automated login, even if it's possible. Far better to change the passwords to something secure but easier to remember.

chin_grin

On banking sites? I wouldn't to be honest. Besides how are you going to automate it asking for random numbers of your five digit code when logging in? A script won't know that it's going to ask for the fifth digit first or the second.

For other sites like O2\gmail\etc I'd recommend using an add on called LastPass. You just set up a master password and store all your site passwords in that (it doesn't save on their server). You can set sites to auto-login. Very handy for the boards time out.

https://lastpass.com/

Ah yeah it's encrypted locally (from the intro video on the site).

https://www.youtube.com/watch?v=RM0fzHxMASQ

berrypendel

dilallio wrote: »

I don't know, but I would imagine that there is no easy way to do this. Otherwise the banks might leave themselves open to possible claims from people whose pc / laptop was stolen and bank accounts accessed.

It's really not a good idea to set up an automated login, even if it's possible. Far better to change the passwords to something secure but easier to remember.

can remember the passwords just hate havng to type them each login

berrypendel

chin_grin wrote: »

On banking sites? I wouldn't to be honest. Besides how are you going to automate it asking for random numbers of your five digit code when logging in? A script won't know that it's going to ask for the fifth digit first or the second.

For other sites like O2\gmail\etc I'd recommend using an add on called LastPass. You just set up a master password and store all your site passwords in that (it doesn't save on their server). You can set sites to auto-login. Very handy for the boards time out.

https://lastpass.com/

Ah yeah it's encrypted locally (from the intro video on the site).

https://www.youtube.com/watch?v=RM0fzHxMASQ

Besides how are you going to automate it asking for random numbers of your five digit code when logging in? A script won't know that it's going to ask for the fifth digit first or the second.

thought that might be a problem wondered if there was any way around it. Will look at last pass thanks;)

yoyo

I use Secure Login for Firefox, it may work for you in this case but as others say its probably best to leave certain passwords such as online banking etc. out of the browsers memory.

Nick

berrypendel

yoyo wrote: »

I use Secure Login for Firefox, it may work for you in this case but as others say its probably best to leave certain passwords such as online banking etc. out of the browsers memory.

Nick

thanks.;) Why do you say "its probably best to leave certain passwords such as online banking etc. out of the browsers memory."

Is it because the pc may be stolen or is there some inherent weakness in the browser/secure login itself

yoyo

berrypendel wrote: »

thanks.;) Why do you say "its probably best to leave certain passwords such as online banking etc. out of the browsers memory."

Is it because the pc may be stolen or is there some inherent weakness in the browser/secure login itself

Well if anybody gained unauthorized access to your machine, either by remote connection or simply someone using your machine they could quite easily look in Firefox's "Saved Passwords". Now I think you can password protect this so that people cannot view the saved passwords without entering a master password, but I honestly cannot say how Mozilla encrypt the saved passwords, if even at all

Nick

chin_grin

yoyo wrote: »

Well if anybody gained unauthorized access to your machine, either by remote connection or simply someone using your machine they could quite easily look in Firefox's "Saved Passwords". Now I think you can password protect this so that people cannot view the saved passwords without entering a master password, but I honestly cannot say how Mozilla encrypt the saved passwords, if even at all

Nick

Which is why I run Firefox in permanent private browsing mode. <cof>

berrypendel

yoyo wrote: »

Well if anybody gained unauthorized access to your machine, either by remote connection or simply someone using your machine they could quite easily look in Firefox's "Saved Passwords". Now I think you can password protect this so that people cannot view the saved passwords without entering a master password, but I honestly cannot say how Mozilla encrypt the saved passwords, if even at all

Nick

OK secure login did not work with a bank site i tried. old one no money in it. Are the passwords in FF saved passwords saved on the FF site/server?

yoyo

berrypendel wrote: »

OK secure login did not work with a bank site i tried. old one no money in it. Are the passwords in FF saved passwords saved on the FF site/server?

If you use Firefox Sync then they would be saved on Mozillas servers, otherwise stored in a local database on your machine. If neither LastPass or Secure Login work then the bank has probably gone to many steps to prevent you saving the password.
Another thing you could try is setting up a Macro to do the login, for Firefox iMacros is good. Note that with iMacros macros no data is encrypted, so all a person on your machine would need to is view the macros source for the login credentials!

Nick

chin_grin

berrypendel wrote: »

OK secure login did not work with a bank site i tried. old one no money in it. Are the passwords in FF saved passwords saved on the FF site/server?

All Firefox passwords are saved locally in the Password Manager (If you chose to save them). Options - Security tab - password manager. Any password you have chosen to save is only local to your pc. So might be a point to hacker-proof the pc too (anti virus\firewall\password protection).

I use lastpass + (permanently on) private browsing.

Usually Firefox stores all your information locally on the pc in the profile folder (http://kb.mozillazine.org/Profile_folder_-_Firefox).

berrypendel

chin_grin wrote: »

All Firefox passwords are saved locally in the Password Manager (If you chose to save them). Options - Security tab - password manager. Any password you have chosen to save is only local to your pc. So might be a point to hacker-proof the pc too (anti virus\firewall\password protection).

I use lastpass + (permanently on) private browsing.

Usually Firefox stores all your information locally on the pc in the profile folder (http://kb.mozillazine.org/Profile_folder_-_Firefox).

hackerproofed as i can make it;)

just to clarify with last pass the passwords are only stored locally?

yoyo

berrypendel wrote: »

hackerproofed as i can make it;)

just to clarify with last pass the passwords are only stored locally?

Online with LastPass, there was also a LastPass security breach recently enough iirc, nothing major but certainly a concern all the same! I used to use it but gave up on it

Nick

chin_grin

yoyo wrote: »

Online with LastPass, there was also a LastPass security breach recently enough iirc, nothing major but certainly a concern all the same! I used to use it but gave up on it

Nick

I thought it was locally with lastpass?

https://lastpass.com/support.php?cmd=showfaq&id=425

Ah, from that FAQ.

Your data is also securely synced with the LastPass servers.

So, it's encrypted before synch?

yoyo

chin_grin wrote: »

I thought it was locally with lastpass?

https://lastpass.com/support.php?cmd=showfaq&id=425

Ah, from that FAQ.



So, it's encrypted before synch?

Ahh its encrypted alrite, same as Mozilla Sync does. Afaik some data was accessed on LastPass's servers but I don't think there was any major problem, but a concern none the less

Nick

28064212

Disclaimer: I do not recommend this. This is purely a proof-of-concept that I worked up to see if it could be done. This is incredibly insecure, and any losses resulting from the use of this code is down to the user foolish enough to use this for any real data

You could always use Greasemonkey. It allows you to run your own javascript on any page. For example, I knocked this up for the AIB internet banking website:

// ==UserScript==
// @name           AIB Login
// @namespace   AIB
// @include        https://aibinternetbanking.aib.ie/inet/roi/login.htm
// ==/UserScript==

var step = document.getElementsByClassName("aibImageTitle")[1].getElementsByTagName("span")[0];
if(step != null && step.innerHTML == "Step 1 of 2")
{
	var regNumber = "12345678";
	document.getElementById("regNumber").value = regNumber;
}
else if(step != null && step.innerHTML == "Step 2 of 2")
{
	var pass = "1234";
	var homephone = "9999";
	var workphone = "8888";
	var digits = document.getElementsByClassName("aibRowRight")[0].getElementsByTagName("strong");
	var inputs = document.getElementsByClassName("aibRowRight")[0].getElementsByTagName("input");
	for(var i = 0; i < digits.length; i++)
	{
		inputs[i].value = pass.charAt(digits[i].innerHTML.replace("Digit ", "") - 1);
	}
	var phoneinput = document.getElementById("challenge");
	var phoneq = phoneinput.parentNode.getElementsByTagName("label")[0].innerHTML;
	if(phoneq.indexOf("work") != - 1)
	{
		phoneinput.value = workphone;
	}
	else
	{
		phoneinput.value = homephone;
	}
}

You'd have to put in your own details for "regNumber", "pass", "homephone" and "workphone"

berrypendel

28064212 wrote: »

Disclaimer: I do not recommend this. This is purely a proof-of-concept that I worked up to see if it could be done. This is incredibly insecure, and any losses resulting from the use of this code is down to the user foolish enough to use this for any real data

You could always use Greasemonkey. It allows you to run your own javascript on any page. For example, I knocked this up for the AIB internet banking website:

// ==UserScript==
// @name           AIB Login
// @namespace   AIB
// @include        https://aibinternetbanking.aib.ie/inet/roi/login.htm
// ==/UserScript==

var step = document.getElementsByClassName("aibImageTitle")[1].getElementsByTagName("span")[0];
if(step != null && step.innerHTML == "Step 1 of 2")
{
    var regNumber = "12345678";
    document.getElementById("regNumber").value = regNumber;
}
else if(step != null && step.innerHTML == "Step 2 of 2")
{
    var pass = "1234";
    var homephone = "9999";
    var workphone = "8888";
    var digits = document.getElementsByClassName("aibRowRight")[0].getElementsByTagName("strong");
    var inputs = document.getElementsByClassName("aibRowRight")[0].getElementsByTagName("input");
    for(var i = 0; i < digits.length; i++)
    {
        inputs[i].value = pass.charAt(digits[i].innerHTML.replace("Digit ", "") - 1);
    }
    var phoneinput = document.getElementById("challenge");
    var phoneq = phoneinput.parentNode.getElementsByTagName("label")[0].innerHTML;
    if(phoneq.indexOf("work") != - 1)
    {
        phoneinput.value = workphone;
    }
    else
    {
        phoneinput.value = homephone;
    }
}

You'd have to put in your own details for "regNumber", "pass", "homephone" and "workphone"

how does it know the random numbers each time?

28064212

berrypendel wrote: »

how does it know the random numbers each time?

This line:

var digits = document.getElementsByClassName("aibRowRight")[0].getElementsByTagName("strong");

grabs the 3 "Digit X" texts from the page, and then this line:

inputs[i].value = pass.charAt(digits[i].innerHTML.replace("Digit ", "") - 1);

checks what 'X' is and matches it up to the corresponding digit in the password

berrypendel

28064212 wrote: »

This line:

var digits = document.getElementsByClassName("aibRowRight")[0].getElementsByTagName("strong");

grabs the 3 "Digit X" texts from the page, and then this line:

inputs[i].value = pass.charAt(digits[i].innerHTML.replace("Digit ", "") - 1);

checks what 'X' is and matches it up to the corresponding digit in the password

very interesting thanks. Not that i will be trying it;)

berrypendel

As far as I can see imacros will not work on 3v.ie

amynbe

28064212 wrote: »

...

Thanks for the share, here is a simply shortened version that handles only the random fields for less danger. The rest can be handled more securely directly with e.g. lastpass.

// ==UserScript==
// @name           AIB Login
// @namespace      AIB
// @include        https://aibinternetbanking.aib.ie/inet/roi/login.htm
// ==/UserScript==

var step = document.getElementsByClassName("aibImageTitle")[1].getElementsByTagName("span")[0];
if(step != null && step.innerHTML == "Step 2 of 2")
{
    var pass = "12345";
    var digits = document.getElementsByClassName("aibRowRight")[0].getElementsByTagName("strong");
    var inputs = document.getElementsByClassName("aibRowRight")[0].getElementsByTagName("input");
    for(var i = 0; i < digits.length; i++)
    {
        inputs[i].value = pass.charAt(digits[i].innerHTML.replace("Digit ", "") - 1);
    }
}