Well, sniffing the connection itself would be a good starting point; you're likely not going to capture usernames/passwords on large sites (as they'll usually be using SSL) but smaller sites such as those with bulletin boards (heh, hmm) you'd be able to sniff things from there.
_________________________
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner