I was using Burp Suite to do some security testing on a site and I noticed that when it detects ViewState it will automatically tell you whether it has MAC enabled.
I'm curious if anyone know of a programatic way to determine if MAC is enabled if you are crawling a site without actually attempting to modify the ViewState, submit it and see if anything blows up?
From what I can tell Burp Suite is doing this just by look at the request (and not modifying/submitting).