Since we can't see where the URL is going to, it's not easy to do.
Dude, you caused me to think up something that MIGHT be helpful in solving this issue! There are extensions that can record the HTTP headers and show them to the user right? What I'm thinking is that we can somehow log HTTP header traffic, and use the info with that to find out the URL a HTTP auth pop-up belongs to!
Step 1, examine one of them extensions and see how they work.
Step 2, see if idea will work at all.
Step 3, ...
Step 4, Profit?
Okay, no more jokes like that again...