Make sure you are running an HTTP proxy on 127.0.0.1:8080 I suggest Burpsuite, Free Edition: https://portswigger.net/burp/download.html
I wrote this in Bash, not because it was easy, but because it was fast. This script lets you max out your CPU and network resources far better than Burpsuite, or a stand-alone python script, by taking advantage of the parallel program, and the many decades of C code optimization that's gone into Bash and GnuUtils.
[enumerate_url.sh]
#!/bin/bash
curlJsonEnum(){
# trim ending characters: space, tab, newline, carriage return
val=$(echo $1 | tr -d '\040\011\012\015');
echo "INFO: val = $val"
curl -X GET -sS \
-G "http://www.website.com/$val" \
-H "Accept: application/json" \
-x http://127.0.0.1:8080 2>&1 > /dev/null
}
export -f curlJsonEnum
curlGetParamEnum(){
# trim ending characters: space, tab, newline, carriage return
val=$(echo $1 | tr -d '\040\011\012\015');
echo "INFO: val = $val"
curl -X GET -sS \
-G 'http://www.website.com/url' \
-d "timestamp=Tue%20Mar%2029%202016%2019:24:05%20GMT-0400%20(EDT)" \
-d "search=$val" \
-c cookie.txt -b cookie.txt \
-x http://127.0.0.1:8080 2>&1 > /dev/null
}
export -f curlGetParamEnum
# check how many threads to run, lines to parse
echo "INFO: jobs = $1"
lines=$(wc -l < "$2");
echo "INFO: parsing $lines lines"
parallel --no-notice --jobs $1 --arg-file $2 curlJsonEnumUsage:
time ./enumberate_url.sh 8 numbers.txt