Unsolicited response received on idle HTTP channel starting with "HTTP/1.0 408 Request Time-out\n

[aels]

Faced this error so many-many-many times during scans: :: Progress: [1499/1000000] :: 53 req/sec :: Duration: [0:00:28] :: Errors: 94 ::2019/06/14 23:06:37 Unsolicited response received on idle HTTP channel starting with "HTTP/1.0 408 Request Time-out\nCache-Control: no-cache\nConnection: close\nContent-Type: text/html\n\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">\n<html>\n<head>\n\t<title>Down for Maintenance 408</title>\n\t<meta name=\"viewport\" content=\"initial-scale=1.0, width=device-width, maximum-scale=1.0, user-scalable=no\" />\n\t<script src=\"//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js\"></script>\n\t<link rel=\"stylesheet\" type=\"text/css\" href=\"//ds.phncdn.com/www-static/css/maintenance.css?cache=2017072823\" />\n\n <script type=\"text/javascript\">\n (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){\n (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),\n m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)\n })(window,document,'script','//www.google-analytics.com/analytics.js','ga');\n ga('create', 'UA-2623535-1', 'pornhub.com');\n ga('require', 'displayfeatures');\n ga('send', 'pageview');\n </script>\n</head>\n<body>\n\t<div id=\"PornhubNetworkBar\"></div>\n\t<div id=\"maintenancePageResponsive\">\n\t\t<div class=\"titleMaintenance clearfix\">\n\t\t\t<div class=\"topContainer clearfix\">\n\t\t\t\t<div class=\"phImage\"><img src=\"//ds.phncdn.com/www-static/images/pornhub_logo.png?cache=2017072823\" /></div>\n\t\t\t\t<div class=\"textMaintenance\"><h1>Is undergoing maintenance</h1></div>\n\t\t\t</div>\n\t\t</di"; err=<nil>

[joohoi]

This appears to be the target misbehaving, and sending data back after the HTTP connection has been closed. The connection reusing is what makes ffuf fast, so I'd like to avoid removing this functionality.

Instead I'll look into what it takes to suppress the output in such cases.

[ccsplit]

It appears you can use log.SetOutput(ioutil.Discard) to disable these messages, of course this will disable any logging output occurring within the standard libraries. Therefore, it may be a better idea to have an argument which will specify a file of where to put the logging information so it can be retrieved/looked at later.

Some additional references I discovered while taking a look at this issue: https://yourbasic.org/golang/log-to-file/ https://github.com/golang/go/issues/19895 https://golang.org/pkg/log/#SetOutput

[joohoi]

This was fixed in #74