This tab contains settings for Burp's user interface,
HTTP message display,
character set handling, and HTML rendering.
These settings let you control the appearance of Burp's user interface.
You can configure the font size that is used throughout the UI (except for
display of HTTP messages), and also the Java
look-and-feel. Changes to these settings will take effect when Burp is
HTTP Message Display
These settings let you control how HTTP messages are displayed within the
HTTP message editor.
You can configure the font face and point size, and whether font smoothing
The following additional options are available:
- Highlight request syntax - This controls
whether syntax colorizing is done for request parameters.
- Highlight response syntax - This controls
whether syntax colorizing is done for response syntax.
- Analyze and display AMF messages (use with caution) - This
enables the display of AMF message contents.
Note: Burp uses a
third-party library for parsing AMF messages. Historically, there have
been security vulnerabilities in this library's processing of malicious
AMF messages. It is recommended that you do not enable this option when
accessing any untrusted application functionality or content.
These settings control how Burp handles different character sets when displaying
messages. The available options are:
- Recognize the character set of each message automatically, based on
the message headers. This is the default option, and lets you work
concurrently on messages that use different character sets.
- Use the platform default character set for all messages.
- Display messages as raw bytes (using ASCII encoding), without
processing any extended characters.
- Use a specific character set for all messages.
HTTP headers are always displayed in raw form - the charset encoding
options only apply to the message body.
Note that the glyphs required for some character sets are not supported
by all fonts. If you need to use an extended or unusual character set, you
should first try a
system font such as Courier New or Dialog.
The Render tab within the
HTTP message editor displays HTML
content approximately as it would appear in your browser. This option controls
whether Burp will make any additional HTTP requests that are required
to fully render HTML content (for example, for embedded images). Use of this
option involves a trade-off between the speed and the quality of HTML rendering,
and whether you wish to avoid making any further requests to the target
Monday, January 16, 2017
This release adds various enhancements and fixes:
- There is a new command-line option to launch Burp with a specified user configuration file.
- A bug that was recently introduced that prevented license activation in headless mode has been fixed.
- The Content Discovery function now correctly handles applications that have wildcard behavior for file extensions (e.g. those that return a specific response for admin.xxx regardless of the file extension). This eliminates the only known false positives reported by the new Content Discovery engine.
See all release notes ›