Let me mention that even Little Snitch (or your firewall program) is not capable of faking a server for HTTPS connections (because your browser or OCSP has the certain chain). So whatever data they could manage to send to a bad dude are useless even, because the bad dude doesn't have the server certificate.
This leads to my next question, which is: can a Firefox extension make fake certificates show up as good? I doubt it. But a hacked firefox... hmmm... that could be a worry-point.
Anyway, of course the answer is a network sniffer, but it'd have to be on another computer to be sure that the bad dudes at Little Snitch (ironically, the only software a software pirate actually has to buy) haven't thought about your sniffer too :)