login

Burp Suite, the leading toolkit for web application security testing

Options: Display

This tab contains settings for Burp's user interface, HTTP message display, character set handling, and HTML rendering.

User Interface

These settings let you control the appearance of Burp's user interface. You can configure the font size that is used throughout the UI (except for display of HTTP messages), and also the Java look-and-feel. Changes to these settings will take effect when Burp is restarted.

HTTP Message Display

These settings let you control how HTTP messages are displayed within the HTTP message editor. You can configure the font face and point size, and whether font smoothing is used.

The following additional options are available:

Character Sets

These settings control how Burp handles different character sets when displaying raw HTTP messages. The available options are:

HTTP headers are always displayed in raw form - the charset encoding options only apply to the message body.

Note that the glyphs required for some character sets are not supported by all fonts. If you need to use an extended or unusual character set, you should first try a system font such as Courier New or Dialog.

HTML Rendering

The Render tab within the HTTP message editor displays HTML content approximately as it would appear in your browser. This option controls whether Burp will make any additional HTTP requests that are required to fully render HTML content (for example, for embedded images). Use of this option involves a trade-off between the speed and the quality of HTML rendering, and whether you wish to avoid making any further requests to the target application.

 

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Thursday, September 8, 2016

1.7.06

This release introduces a new scan check for second-order SQL injection vulnerabilities. In situations where Burp observes stored user input being returned in a response, Burp Scanner now performs its usual logic for detecting SQL injection, with payloads supplied at the input submission point, and evidence for a vulnerability detected at the input retrieval point.

See all release notes ›

Copyright © 2016 PortSwigger Ltd. All rights reserved.