So ettercap works for traffic over 443 where a certificate is accepted. You'll also see stuff in the clear like snmp and I actually caught an Ldap response a couple weeks ago.

When you run sslstrip, where it can, it passes traffic over port 80 instead of 443, so any traffic designated for port 80 actually goes to 10000 where sslstrip is listening. You will not see those creds in ettercap, you have to parse the sslstrip file to see those.

Also, I have noticed in BT5 not everything seems to be working as seamlessly as BT4R2, I don't know why, (yet) but it just doesn't.

Here's what I would try if I were you. Run my script in BT4R2, go to and try to login in. See if its traversing over http or https. If it asks you to accept a certificate then its 443 and once you accept and login, you should see it in ettercap. If its over http, you won't see it in ettercap and you will have to parse sslstrip.

Then try the BT5 version on google projects and do the exact same thing. They should produce the exact same results (though they may not).

Let me know how it goes