I'd like to use this technique on my home LAN where I own, and have access to, all of the components.
My (limited) knowledge of the subject tells me that if I use a true hub on the network, then the whole arpspoofing part is unnecessary. Is that right?
Also, the iptables-based port forwarding (the 'echo 1...' one) seems to kill connectivity altogether, whether using this attack or others like it. I'm using BT4 Beta. I'm assuming that the Ubuntu-based BT4 Pre-Final that you used here must have something different under the hood? For me, fragrouter was the only thing that would work to maintain connectivity, but it doesn't have the capability to route your port 80 traffic to port 10000 (and shouldn't that be 443 anyway? Why port 80 for https?)
Thanks! Your guide is awesome. I've been trying to figure out how to do what I call a "real mitm" attack for a long time. You know, place a REAL "monkey" in the middle instead of using APR. Eventually I want to migrate this onto my Smoothwall machine that already uses Squid and other monkeys.
I figured it would be simple. After all, if you own the network, then you don't have to own it. (see what I did there? har har)