Hi all. Sorry, haven't been in in a little while to check on my baby; I'll answer some stuff quickly.
One WNIC, i.e. (wlan0), would connect to your network as per usual, and the other, i.e. (wlan1), would be used to broadcast your fake AP on (all this happens inside BT). Generally ANOTHER computer would then connect to your fakeAP, that you either A: chose a name for, or B: used the A switch to respond to all probes; this mode does require that the victim has saved networks. PERHAPS this is your problem?
Most tools, scripts, etc. would even require THIS. For example, a remote shell, let's say using metasploit, is not going to route through a NAT as it has no instruction on where to go afterwards. HOSTS of VMs can be set to forward layer 3 through a NAT much like your router does, but it is a pain in the a** and not needed, as we have bridged networking.
As for slow networking (especially inside a VM), it could be a MULTITUDE of problems: cards, drivers, MTU values, routing rules, blah blah blah, etc. I can say that "I", using an awus036h, get great speeds. As for your last problem with the clean up causing the script to stop working until reset, where exactly does the problem arise?
ComaX, I have an update coming real soon that will show you a little more of the power of sh; as basic as it is, when you apply some dirty hacks and tricks it's pretty much capable of doing whatever (as with most other languages).