Well, sniffing the connection itself would be a good starting point; you're likely not going to capture usernames/passwords on large sites (as they'll usually be using SSL), but with smaller sites, such as those with bulletin boards (heh, hmm), you'd be able to sniff things from there.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner