Good call, should have thought of that sooner.
OK this is what I get:
http://users.guardian.co.uk/signin/tr/1,13542,-1,00.html
POST /signin/tr/1,13542,-1,00.html HTTP/1.1
Host: users.guardian.co.uk
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:
+1.7.8) Gecko/20050511 Firefox/1.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
+,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://users.guardian.co.uk/signin/0,12930,-1,00.html?AU_LOGI
+N_ID=myusername&AU_PASSWORD=%2D%2D%2D%2D%2D%2D%2D%2D&AU_PASSWORD_HASH
+=12f6c69cf906afb85852b32bc04e4c19&AU_CHALLENGE=1117250755&AU_CHALLENG
+E2=c486109c620b57c4bc69b4792179cdb9
Cookie: GU_MU=UVdvQE44Q29AamtBQUR2T2VMWXxpV3RHNEZCQmhZeVIzbEI5dzlPUWdB
+PT0%3d; GU_LOCATION=YXVzOjU6dmk6NDpyaWNobW9uZDozOi0xOmJyb2FkYmFuZDotM
+zcuODMzOjE0NS4wMDBAOTAxOTgyNDIxMjQ4OTE1NTYyMjUzNTI0NzUxOTE0MzIwNjc0Mj
+Qz; CP=*; GU_ST=http%3A//www.guardian.co.uk/
Content-Type: application/x-www-form-urlencoded
Content-Length: 199
AU_LOGIN_ID=myusername&AU_PASSWORD=--------&AU_KEEP_ME_SIGNED_IN=on&AU
+_PASSWORD_HASH=f67c849de72c3939d7169374f761ab9e&AU_CHALLENGE=11172509
+06&AU_CHALLENGE2=fd62bbf5c99827b9b738eac3cb566c35
HTTP/1.x 301 Moved Permanently
Date: Sat, 28 May 2005 03:29:00 GMT
Server: Apache/1.3.33 (Unix)
Set-Cookie: GU_ME=myusername; path=/; expires=Thu, 27 May 2010 03:29:0
+2 GMT; domain=.guardian.co.uk
Set-Cookie: GU_MI=mi%5Fi%3D872201%3Bmi%5Fp%3DCRE%2CTLK%2CBRF%2CMGU%3Bg
+u%5Fpk%3DCRE%2CTLK%2CMGU%3Bmi%5Fe%3D%21200505310329%3Bmi%5Fs%3Dba40d2
+702ddb6ca1d9f0eb8c61793554; path=/; expires=Thu, 27 May 2010 03:29:02
+ GMT; domain=.guardian.co.uk; httponly;
Set-Cookie: GU_MY=200505280339:67f4730c3bbbccb2723f33abb5d3e922; path=
+/; expires=Sat, 28 May 2005 03:39:02 GMT; domain=users.guardian.co.uk
+; httponly;
Location: /signin/status/tr/1,13608,-1,00.html
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
----------------------------------------------------------
http://users.guardian.co.uk/signin/status/tr/1,13608,-1,00.html
GET /signin/status/tr/1,13608,-1,00.html HTTP/1.1
Host: users.guardian.co.uk
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:
+1.7.8) Gecko/20050511 Firefox/1.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
+,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://users.guardian.co.uk/signin/0,12930,-1,00.html?AU_LOGI
+N_ID=myusername&AU_PASSWORD=%2D%2D%2D%2D%2D%2D%2D%2D&AU_PASSWORD_HASH
+=12f6c69cf906afb85852b32bc04e4c19&AU_CHALLENGE=1117250755&AU_CHALLENG
+E2=c486109c620b57c4bc69b4792179cdb9
Cookie: GU_MU=UVdvQE44Q29AamtBQUR2T2VMWXxpV3RHNEZCQmhZeVIzbEI5dzlPUWdB
+PT0%3d; GU_LOCATION=YXVzOjU6dmk6NDpyaWNobW9uZDozOi0xOmJyb2FkYmFuZDotM
+zcuODMzOjE0NS4wMDBAOTAxOTgyNDIxMjQ4OTE1NTYyMjUzNTI0NzUxOTE0MzIwNjc0Mj
+Qz; CP=*; GU_ST=http%3A//www.guardian.co.uk/; GU_ME=myusername; GU_MI
+=mi%5Fi%3D872201%3Bmi%5Fp%3DCRE%2CTLK%2CBRF%2CMGU%3Bgu%5Fpk%3DCRE%2CT
+LK%2CMGU%3Bmi%5Fe%3D%21200505310329%3Bmi%5Fs%3Dba40d2702ddb6ca1d9f0eb
+8c61793554; GU_MY=200505280339:67f4730c3bbbccb2723f33abb5d3e922
HTTP/1.x 301 Moved Permanently
Date: Sat, 28 May 2005 03:29:03 GMT
Server: Apache/1.3.33 (Unix)
Set-Cookie: GU_ME=myusername; path=/; expires=Thu, 27 May 2010 03:29:0
+5 GMT; domain=.guardian.co.uk
Set-Cookie: GU_MI=mi%5Fi%3D872201%3Bmi%5Fp%3DCRE%2CTLK%2CBRF%2CMGU%3Bg
+u%5Fpk%3DCRE%2CTLK%2CMGU%3Bmi%5Fe%3D%21200505310329%3Bmi%5Fs%3Dba40d2
+702ddb6ca1d9f0eb8c61793554; path=/; expires=Thu, 27 May 2010 03:29:05
+ GMT; domain=.guardian.co.uk; httponly;
Set-Cookie: GU_ST=; path=/; domain=.guardian.co.uk
Location: http://www.guardian.co.uk/
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
----------------------------------------------------------
http://www.guardian.co.uk/
At which point I'm taken to the front page and I'm logged in.
($_='kkvvttuu bbooppuuiiffss qqffssmm iibbddllffss')
=~y~b-v~a-z~s; print