Try to guess the parameter using burp suite intruder or any other fuzzers.


Use the top 1000 entries of https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/burp-parameter-names.txt