
Check for bad certs from Komodia / Superfish

This tool checks if you are affected by a malicious certificate installed by the software Superfish or other software using the same technology (Komodia). See below for a detailed explanation.

 
Superfish
 
Keep My Family Secure
 
Kurupira
 
Staffcop
 
Qustodio/Windows
 
Qustodio/OS X
 
Easy hide IP
 
Lavasoft AdAdware WebCompanion
 
Sendori / PureLeads
 
SecureTeen
 
ImpresX / DiscountCow
 
Covenanteyes
 
WebProtect
 
Hide my IP
 
Komodia generic
 
Man-in-the-Middle generic: This test didn't seem to work reliably; it is kept here for testing.
 

Explanation

ok: If you see this everywhere then you're fine, no certificate is fiddling with your connection.
bad: If you see this, it means a connection with a malicious certificate was able to serve you data. Your HTTPS connections can be attacked. You should try to remove the software *and* the certificate.
fail: If you see this everywhere, it means your browser accepts a completely invalid certificate. You may have the Privdog adware installed, but there could also be other reasons. You are definitely at high risk of being attacked.

The "Komodia generic" test uses a trick found by Filippo Valsorda using the SAN extension that will detect most (but not all) software using the Komodia SSL interception technology. If you see a warning in this line and nowhere else you probably have some dangerous software installed that is not detected by any of the other tests. If you contact me we may be able to analyze that.

The "Man-in-the-Middle generic" test will only be enabled if you have Firefox 35 or newer, Chrome/Chromium 38 or newer, or Opera 23 or newer. These browsers support HTTP Public Key Pinning (HPKP), which allows us to detect Man-in-the-Middle attacks on HTTPS in a generic way. If you see a warning here and not anywhere else, it means some software is doing traffic interception. This is almost never a good idea. Unfortunately, many anti-virus applications, filtering technologies and others do this. I suggest you stop using whatever product is causing this.

The Man-in-the-Middle test can be force-enabled by adding ?forcemitm=1 to the URL; however, this will likely lead to false positives.
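How an HPKP check separates a direct connection from an intercepted one, as an added example (not code from this page or from the test itself). The SPKI byte strings are constructed stand-ins for real keys, and all function and variable names are hypothetical.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """HPKP pin value: base64(SHA-256(DER-encoded SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def parse_pkp(header: str) -> dict:
    """Parse a Public-Key-Pins header value (a quoted ';' is not handled)."""
    policy = {"pins": set(), "max_age": None, "include_subdomains": False}
    for part in header.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "pin-sha256":
            policy["pins"].add(arg)
        elif name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def pin_validation_ok(policy: dict, chain_spkis) -> bool:
    """Pin validation passes if any key in the presented chain is pinned."""
    return bool(policy["pins"] & {spki_pin(s) for s in chain_spkis})

def policy_can_be_noted(policy: dict, chain_spkis) -> bool:
    """RFC 7469 noting rules: max-age present, one pin matching the chain,
    and at least one backup pin that is NOT in the chain."""
    present = {spki_pin(s) for s in chain_spkis}
    return (policy["max_age"] is not None
            and bool(policy["pins"] & present)
            and bool(policy["pins"] - present))

# Constructed stand-ins for DER SubjectPublicKeyInfo blobs (not real keys).
SITE_LEAF = b"constructed-spki:site-leaf"
SITE_CA = b"constructed-spki:public-ca"
BACKUP_KEY = b"constructed-spki:offline-backup"
PROXY_LEAF = b"constructed-spki:proxy-forged-leaf"
PROXY_ROOT = b"constructed-spki:locally-installed-root"

# Header the pinned site would send: its leaf key plus an offline backup key.
HEADER = ('pin-sha256="%s"; pin-sha256="%s"; max-age=5184000; includeSubDomains'
          % (spki_pin(SITE_LEAF), spki_pin(BACKUP_KEY)))
POLICY = parse_pkp(HEADER)
```

An interception product re-signs the connection with its own leaf and root keys, so none of the presented keys match the stored pins and validation fails. RFC 7469 permits a browser to skip pin validation when the chain ends at a locally installed trust anchor, so a check like this only fires where the browser enforces pins for such chains.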

 

For Superfish there is now an official removal utility from Lenovo. I am not aware of any generic tool to remove the others. You need to manually uninstall the software first and the certificate afterwards.

If you're interested in more technical background look here. Filippo has another test that is more user friendly, but right now it doesn't detect as much as this one.

The certificates and keys were extracted by Robert Graham and slipstream / raylee.

 

Hanno Böck