You have never mentioned before that bettercap works, so I was just pointing out the possible things that could go wrong. Are you able to sniff http data in with bettercap?
Yeah, the arp spoof attack is working so you should be able to sniff data from http://testphp.vulnweb.com/login.php, so clear browser’s cache on victim and try it again.
Also remember to enable ip forwarding every time you want boot kali and want to try this attack, I mean echo 1 > /proc/sys/net/ipv4/ip_forward
Let me know.