http://www.perlmonks.org?node_id=461359


in reply to Re^2: Log In To guardian.co.uk with WWW::Mechanize
in thread Log In To guardian.co.uk with WWW::Mechanize

Still no time to work on this, but I'm curious enough to poke at it every once in a while. Between different requests to the login page, here's what changes:
[11:23am] eero:~/tmp/guardian: diff 0,12930,-1,00.html o 236c236 < <input type="hidden" name="AU_CHALLENGE" value="1117293798"><input t +ype="hidden" name="AU_CHALLENGE2" value="af7fb54d3a917e272e2b7abe1353 +bd51"></form></table></td></tr></table> --- > <input type="hidden" name="AU_CHALLENGE" value="1117293788"><input t +ype="hidden" name="AU_CHALLENGE2" value="59e3978f05fde8396395a576645c +d04b"></form></table></td></tr></table> [11:23am] eero:~/tmp/guardian:
...and here's where in the page source the work is done:
function preparePassword() { var form = document.regpss1; var dummy = '----------------------------------------'; form.AU_PASSWORD_HASH.value = binl2hex(core_hmac_md5(form. +AU_CHALLENGE2.value,form.AU_PASSWORD.value)); form.AU_PASSWORD.value = dummy.substr(0,form.AU_PASSWORD.v +alue.length); regpss_submitted = true; form.submit(); }

I'm guessing that you'll need to take your password, run it through that hashing sequence and then return that as the actual password in the post. Or something like that.

I'm surprised nobody's done this yet.