Make your own Superfish infected VM

Hello, a quick post to allow everyone to play along at home with this Superfish thing. (In case this isn't clear: this post is for security professionals only)

Disclaimer: sleep deprived and exhausted. Been working on Badfish for 16 hours now, expect inconsistencies.

If you don't know what this is about, go read my Twitter stream or Ars or Marc. tl;dr Lenovo screwed up big time.

  • First get the "IE11 on Win8.1" VM from modern.ie.
    Trust me, you want that one.
  • Download it, load it and take a snapshot before starting.
  • Boot it and navigate to https://filippo.io/Badfish/installer
  • NEW: disable Windows Defender real-time protection
  • If you want Firefox connections to be intercepted and the cert inserted into Firefox's own store as well, either install Firefox beforehand and quit it before running the installer (this thing is buggy as hell), or reboot after installing Firefox
  • Execute the installer. No need to reboot.

Congratulations, you now have a really convenient MitM service!

Now you can find the certificate in the system store, have fun extracting the private key ghetto style or test/improve the removal instructions.
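To check whether the VM (or a real machine) actually got the root, here is a small PowerShell check I'm adding for this post; it is not part of the installer and assumes the injected root's Subject contains "Superfish", so adjust the pattern if your sample differs.

```powershell
# Added example, not from the original post: look for the Superfish root CA
# in the Windows certificate stores that IE/Chrome and other system-store
# consumers trust. Assumption: the root's Subject field contains "Superfish".
$pattern = "*Superfish*"
$stores  = @("Cert:\LocalMachine\Root", "Cert:\CurrentUser\Root",
             "Cert:\LocalMachine\CA",   "Cert:\CurrentUser\CA")

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like $pattern -or $_.Issuer -like $pattern } |
        ForEach-Object {
            [PSCustomObject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                HasPrivKey = $_.HasPrivateKey   # a root with a usable key on the box is the MitM tell
            }
        }
}

if (-not $found) {
    "No certificate matching $pattern in the checked stores."
} else {
    $found | Format-Table -AutoSize
    # Removal (run elevated for the LocalMachine stores); uncomment once you have
    # confirmed the match. Firefox keeps its own cert database, which this
    # script does not touch, so check that separately.
    # $found | ForEach-Object { Remove-Item -Path (Join-Path $_.Store $_.Thumbprint) }
}
```

Run it before and after executing the installer to confirm the snapshot is clean and the infected state is what you expect.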