As evidenced by my post count, I'm new here. Hopefully I'm not asking a question that has been asked numerous times in the past, and I apologize if I am.

I'm using BT2 on a laptop. I have a madwifi NIC and one ethernet NIC.

The madwifi device is in AP mode, and will be called ath1.
The ethernet iface is eth0.

My goal is to spoof SSL over a bridged connection (ath1 -> br0 -> eth0), and apparently the weapon of choice that keeps popping up is Ettercap. I can successfully bridge my connections, and tcpdump shows me that I can snag all the packets coming from clients associated with my AP when it is bridged to my ethernet iface. However, I'd like to handle SSL transactions, which is what Ettercap will be doing.

As a control test, I made sure that Ettercap could negotiate SSL while on a switched network, which it did. I then set Ettercap up to listen first on eth0, then on ath1, each time in unified sniffing mode. I was able to pull packets, but not make the SSL handoff. I read somewhere that bridged sniffing mode does not correctly implement the SSL conversations, but I tried it anyway - no luck. SSL goes through ettercap untouched and still encrypted.

So, to sum up, I can make the SSL handoff when arp poisoning on a switched network, but I can't make it when I'm listening to an interface that's part of a bridge. There must be some way to do that. Any pointers?