There is a new CSRF generator, which produces proof-of-concept HTML for generating virtually any HTTP request. You can access this feature by right-clicking any item within Burp, and using the engagement tools context menu to select "generate CSRF PoC".
Some useful features are:
- Support for all form encoding types: standard URL encoding, multipart encoding, and plain text encoding.
- Auto-detection of the optimal encoding type, with manual override.
- Ability to edit both the request and response in-place, to fine tune attacks.
- In-browser testing, by pasting a URL into your browser that will cause Burp Proxy to serve up the CSRF PoC in its response.