These settings let you control the appearance of Burp's user interface. You can configure the font size that is used throughout the UI (except for display of HTTP messages), and also the Java look-and-feel. Changes to these settings will take effect when Burp is restarted.
These settings let you control how HTTP messages are displayed within the raw HTTP message editor. You can configure the font face and point size, and whether font smoothing is used. You can also configure whether syntax colorizing is done for request parameters and response syntax.
These settings control how Burp handles different character sets when displaying raw HTTP messages. The available options are:
HTTP headers are always displayed in raw form - the charset encoding options only apply to the message body.
Note that the glyphs required for some character sets are not supported by all fonts. If you need to use an extended or unusual character set, you should first try a system font such as Courier New or Dialog.
The Render tab within the HTTP message editor displays HTML content approximately as it would appear in your browser. This option controls whether Burp will make any additional HTTP requests that are required to fully render HTML content (for example, for embedded images). Use of this option involves a trade-off between the speed and the quality of HTML rendering, and whether you wish to avoid making any further requests to the target application.
Get help and join the community discussions at the Burp Suite Support Center.
This release adds a new Scanner check for path-relative style sheet import (PRSSI) vulnerabilities.
These issues are not widely understood by security testers or application developers, and real vulnerabilities are quite prevalent in the wild. The impact of the vulnerability is in many cases serious, and equivalent to cross-site scripting (XSS).