Profiling with Xdebug and Kcachegrind

Here you can find the instructions for installing Xdebug and Kcachegrind to profile and debug PHP applications.

Supposing that you’re using the penguin, with Debian or *buntu, there are a few steps ( very easy steps ) that you have to do in order to set up an environment which helps you on debugging PHP and profiling scripts.

First of all install the software:

1
2
3
sudo apt-get install php5-xdebug

sudo apt-get install kcachegrind

then modify your php.ini:

1
sudo gedit /etc/php5/apache2/php.ini

inserting these lines of code:

1
2
3
4
5
6
; Xdebug params
xdebug.remote_enable = On
xdebug.profiler_enable=1
xdebug.profiler_output_dir = "/var/benchmark/"
zend_extension="/usr/lib/php5/20060613+lfs/xdebug.so"
xdebug.auto_trace = On

Remember to change, obviously, the values for profiler_output_dir and zend_extension.

TIP: to get zend_extension value use:

1
locate xdebug.so

Then remember to give apache write premissions of the profiler output directory and restart it:

1
sudo /etc/init.d/apache2 restart

Now you can navigate your local applications and find generated files in the output directory: you need to open these files with Kcachegrind and… …profile them!


Hi there! I recently wrote an ebook on web application security, currently sold on leanpub, the Amazon Kindle store and gumroad.

It contains 160+ pages of content dedicated to securing web applications and improving your security awareness when building web apps, with chapters ranging from explaining how to secure HTTP cookies with the right flags to understanding why it is important to consider joining a bug bounty program.

Feel free to skim through some of the free chapters published on this blog and, if the content seems interesting enough to you, grab a copy on leanpub, the Amazon Kindle store, gumroad or simply checkout right down below!

Buy the Web Application Security ebook for $6.99

In the mood for some more reading?

...or check the archives.