Question

I'm analysing an iOS app written with PhoneGap which first displays an HTTP page. After tapping on "Login", the user is redirected to an HTTPS page where she can enter the login information.

If I set up arpspoof/sslstrip BEFORE the user logs in for the first time, everything's fine. Wireshark confirms that the login data is submitted to an HTTP page, so sslstrip did its job.

But if the user logged in, e.g. one hour BEFORE I could set up arpspoof/sslstrip, the second request (= the login) is sent via HTTPS, even if the app was completely closed. It only works again if I set the iPad's date far into the future. Then, irritatingly, it also works if I set the date back to the current time.

If the app is deleted and reinstalled, everything works again as expected. What's happening if the user logged in before? Why can't sslstrip do its job then?

My setup: Kali Linux with the following script:

```bash
#!/bin/bash
iptables -t nat --flush
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8008
arpspoof -i wlan0 -t SMARTPHONE-IP GATEWAY-IP
```

as well as

```bash
#!/bin/bash
sslstrip -k -f -l 8008 --write=sslstrip.log
```

Solution

It looks like the application is caching some information. If you access the original page with the https link/form inside before sslstrip is active, it will be cached and later used with the https references still intact. By fiddling with the date of the system you reach the expiration time for the cached page, so that it will ignore the cached entry and request the page again, this time through sslstrip. Also, if you delete the app the cache will be deleted too, so that after reinstalling it needs to retrieve the page again.
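The following is an added example, not part of the original question or answer: a small model of an HTTP client cache (freshness computed as in RFC 7234) that replays the sequence described above and shows why a landing page cached before the proxy was active keeps its https form action until the entry expires, why a device clock far ahead expires it, and why the refetched copy is then reused even after the clock is set back. The URL, form markup, cache lifetime and timestamps are constructed; how the real app's cache behaves is an assumption.

```python
from email.utils import parsedate_to_datetime, format_datetime
from datetime import datetime, timedelta, timezone

LANDING = "http://app.example/landing"                       # constructed URL
FORM_HTTPS = '<form action="https://app.example/login">'     # what the origin serves
FORM_HTTP = '<form action="http://app.example/login">'       # same form after a stripping proxy rewrote it

def origin_fetch(url, server_now, strip_proxy):
    # Constructed origin: HTTP landing page, cacheable for one day.
    # The Date header comes from the server clock, not the device clock.
    headers = {"Date": format_datetime(server_now), "Cache-Control": "max-age=86400"}
    return headers, (FORM_HTTP if strip_proxy else FORM_HTTPS)

def freshness_lifetime(headers):
    # max-age takes precedence over Expires (RFC 7234, section 4.2.1).
    for directive in headers.get("Cache-Control", "").split(","):
        key, _, value = directive.strip().partition("=")
        if key == "max-age" and value.isdigit():
            return timedelta(seconds=int(value))
    if "Expires" in headers:
        return parsedate_to_datetime(headers["Expires"]) - parsedate_to_datetime(headers["Date"])
    return timedelta(0)

class DeviceCache:
    def __init__(self):
        self.entries = {}   # url -> (headers, body, device time when received)

    def get(self, url, device_now, server_now, strip_proxy=False):
        entry = self.entries.get(url)
        if entry is not None:
            headers, body, received = entry
            # RFC 7234 section 4.2.3: clamp apparent age at zero, then add resident time on the device clock.
            apparent = max(timedelta(0), received - parsedate_to_datetime(headers["Date"]))
            if apparent + (device_now - received) < freshness_lifetime(headers):
                return "cache", body
        headers, body = origin_fetch(url, server_now, strip_proxy)
        self.entries[url] = (headers, body, device_now)
        return "origin", body

def replay_scenario():
    # The sequence from the question; returns (where the page came from, form markup) per step.
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)          # constructed timestamps
    t1 = t0 + timedelta(hours=1)
    cache, proxy_on = DeviceCache(), True
    return [
        cache.get(LANDING, t0, t0),                                   # first login, proxy not yet active
        cache.get(LANDING, t1, t1, proxy_on),                         # an hour later: served from cache, https intact
        cache.get(LANDING, t0 + timedelta(days=30), t1, proxy_on),    # device clock set far ahead: entry expired
        cache.get(LANDING, t1, t1, proxy_on),                         # clock back to real time: new entry still fresh
    ]
```

The last step stays fresh because the refetched entry's Date (server time) is later than the device clock, so its apparent age clamps to zero; that is the "irritating" case from the question.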

Licensed under: CC-BY-SA with attribution