Showing Live session on Wireshark?

You can't capture plain text passwords if the protocol in use is HTTPS - I'd even go as far as saying that passwords transmitted via HTTPS aren't "plain text" anymore. So Wireshark won't help you here as long as the requirements are that a third party should steal plain text passwords. You can of course decode SSL sessions with Wireshark under the right circumstances, but an attacker without additional intel should not be able to do that.

So I see three demo options here:

1. Find something that isn't HTTPS and demo it
2. Pretend that the SSL private server key got compromised and decode the HTTPS traffic. This is pretty much noch in the area of an awareness training, unless your attendees are SSL server admins that need another hint that they need to keep their SSL private keys protected
3. Do someting like a Man-in-the-Middle by using a proxy to get into the communication, like Fiddler. This, once again, is not really a good setup for an awareness training, because people would have to accept bad (forged) SSL certificates before it works - unless, once again, that this is in your scope of the training.