If Face has a config file or registry entries somewhere, then just a way to enter the "userid:password" parameter is pretty much all that's needed there -- just treat it as a single combined string like Hijack does. Face then just needs to base64 encode it, and include the one extra HTTP header line in the requests to Hijack's web server. Done.

Cheers