PHP Xdebug configuration

Time:2020-11-24

Introduction to Xdebug

  • Xdebug is an open source PHP debugger that can be used to trace, debug and analyze the running state of PHP. It is powerful and helpful for code auditing
  • Xdebug is usually installed as the file ext/php_xdebug.dll in the PHP directory and is enabled by configuring the php.ini file
  • After Xdebug is configured, a file is generated in the specified directory each time you visit a page. The file records in detail the variables and functions involved, together with their running time and source file. From this file you can see how the PHP code ran and how efficient a function is

0x02 Install and configure Xdebug

  • Install
    • If there is no php_xdebug.dll file in the PHP installation directory, download the Xdebug build that matches your local PHP version from the official website. After the download is complete, place it under the /ext/ directory of the corresponding PHP version
  • Configuration (after modifying the configuration file, you need to restart the Apache service to take effect)
    • Modify the configuration (.ini) file of the corresponding PHP version as follows
    • Parameter interpretation
      • 1937: the directory to which the profiler output is written; make sure that the user PHP runs as has write permission to that directory
      • 1938: when this setting is set to a value != 0, the stack dumps generated by Xdebug in error conditions will also display all variables in the top-most scope. Note that this can generate a lot of information, so it is turned off by default
      • 1939: output folder for the trace logs; make sure that the user PHP runs as has write permission to that directory
      • 1940: file location for Xdebug
      • 1941: creates a file in the profiler output directory
      • 1942: when this setting is set to 1, you can use the XDEBUG_PROFILE GET/POST parameter to trigger the generation of the profile, or set a cookie named XDEBUG_PROFILE. This will write the profiler data to the defined directory. To prevent the profiler from generating profiles for each request, you need to set xdebug.profiler_enable to 0
      • 1943: turn on auto tracing. In general, auto tracing is turned on, which makes it easier to find functions
      • 1944: when this setting is set to 1, Xdebug will display a stack trace when any exception or error is thrown, even if the exception or error was actually caught
      • 1945: when this setting is set to 1, Xdebug will always try to start a remote debugging session and try to connect to a client
      • 1946: this switch controls whether Xdebug should try to contact a debugging client that listens to the port set by Xdebug on the host. If the connection cannot be established, the script will continue as if the setting was 0
      • 1947: can only be "dbgp", which denotes the debugger protocol. DBGp is the only supported protocol
      • 1948: the host IP of the remote debugging client. If it is not known, xdebug.remote_connect_back = 1 can be used in place of this item
      • 1949: the port Xdebug is trying to connect to on the remote host
      • 1950: key for connecting IDE, customizable
      • Other parameters
      • xdebug.trace_format = 0: format of the trace log output. 0 is human readable, 1 is machine readable, 2 is HTML format that is opened and read in a browser. Generally, 0 is used
      • xdebug.trace_options = 0: how records are added to the file. 0 means overwrite and 1 means append. Generally, overwrite is selected, because with append the file grows larger and larger over time, which is not convenient for auditing
      • xdebug.collect_params = 4: the level of detail displayed. 4 is selected here to display all variable contents and variable names
      • xdebug.collect_return = 1: display the function return value; 0 means do not display it
      • xdebug.collect_vars = 1: displays which variables are used in the current scope, with their names
      • xdebug.collect_assignments = 1: adds a row that displays each variable assignment
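
The rules stated in the parameter list above (writable output directories, profiler_enable = 0 when the trigger is used, dbgp as the only handler, remote_host or remote_connect_back) can be checked against a php.ini before restarting Apache. This is an added example, not part of the original article; the directive names are the Xdebug 2 names and are an assumption where the list above shows only a number, and the sample file is constructed.

```python
import configparser
import os

# Constructed sample php.ini fragment using Xdebug 2 directive names
# (an assumption; this is not the page's own configuration file).
SAMPLE_INI = """
[xdebug]
zend_extension = "C:/php/ext/php_xdebug.dll"
xdebug.profiler_enable = 1
xdebug.profiler_enable_trigger = 1
xdebug.profiler_output_dir = "/nonexistent/xdebug/profiler"
xdebug.trace_output_dir = "/nonexistent/xdebug/trace"
xdebug.remote_enable = 1
xdebug.remote_handler = "gdb"
xdebug.collect_params = 4
"""

def load_xdebug(ini_text):
    """Return the Xdebug-related directives of a php.ini as a dict."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    cp.read_string("[PHP]\n" + ini_text)  # php.ini may start without a section
    found = {}
    for section in cp.sections():
        for key, value in cp.items(section):
            if key.startswith("xdebug.") or key == "zend_extension":
                found[key] = (value or "").strip().strip("\"'")
    return found

def check(settings):
    """Apply the rules stated in the parameter list; return a list of findings."""
    def on(key):
        return settings.get(key, "0").lower() in ("1", "on", "true", "yes")
    findings = []
    if "xdebug" not in settings.get("zend_extension", "").lower():
        findings.append("zend_extension does not point at the Xdebug library")
    if on("xdebug.profiler_enable_trigger") and on("xdebug.profiler_enable"):
        findings.append("profiler_enable must be 0 when profiler_enable_trigger is 1")
    # Writability is tested as the current user; run this as the account PHP uses.
    for key in ("xdebug.profiler_output_dir", "xdebug.trace_output_dir"):
        path = settings.get(key)
        if path and not (os.path.isdir(path) and os.access(path, os.W_OK)):
            findings.append(f"{key}: '{path}' is missing or not writable")
    if on("xdebug.remote_enable"):
        if settings.get("xdebug.remote_handler", "dbgp") != "dbgp":
            findings.append("remote_handler must be dbgp")
        if not settings.get("xdebug.remote_host") and not on("xdebug.remote_connect_back"):
            findings.append("set remote_host, or remote_connect_back = 1 if the IP is unknown")
    return findings

if __name__ == "__main__":
    for finding in check(load_xdebug(SAMPLE_INI)):
        print("FINDING:", finding)
```

If a php.ini contains several zend_extension lines, this parser keeps only the last one, so check that line by hand in such files.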

0x03 The decryption function of Xdebug

  • Xdebug also has a powerful feature: it can automatically follow the "steps" of functions and variables, which makes it possible to decrypt encrypted content
  • When an encrypted file is accessed through a web page, Xdebug generates a log file, which indirectly achieves the purpose of decryption
  • Open the log file with Notepad to get the decrypted content