You can use ARP spoofing to capture passwords, etc. By spoofing ARP, you can use tools like ettercap (or others) to play man-in-the-middle for SSL, which would enable you to capture and view, in clear text, the usernames and passwords passed to https login screens and other https 'protected' pages / sites. I haven't specifically used dsniff for this type of activity, myself, so unsure how that fares, but I'm sure there are likely tutorials on the web for it, if it's the right tool for the job.
~ hayabusa ~
"All men can see these tactics whereby I conquer,
but what none can see is the strategy out of which victory is evolved."
- Sun Tzu, 'The Art of War'
OSCE, OSCP (Former - GPEN, C|EH - both expiring / expired)