You can script the scanner to auto-decode B64 cookies once you have found them: http://blog.portswigger.net/2012/12/sample-burp-suite-extens...
It all boils down to: how can you be so sure that your tool/process is finding more vulnerabilities than others, and can you prove it?
If I were your client, I would be very worried by now.