If followed everything you were talking about until this point.2) You MUST remove the public key before Wireshark will process your
packets. I do this and then rename webmitm's cert to .key so I
know the data has been removed.
What do you mean by "remove the public key"?
As to your question about the password, I would venture to guess that it is contained within the cookie. See if you can find some info about what gmail writes to it's cookie file and how it hashes passwords.