EvilZone

You could use a key logger on the machine of someone whom you know accesses the server in question. You could quickly code one that activites when the user types in the address you want to compromise. A less easy klogger would implement a listener on outbound HTTP/S requests and activates when a GET request is made for the resource in question and deactivates after successful authentication.

Not sure if there are premade tools for this, though I have always hated the concept of key logging without some sort of activation/shutdown mechanism to reduce captured content.