
Do you have any suggestions on how? I do not doubt it can be automated, but it is one of the few vulnerability types where I do not have an intuitive understanding of how it should be done.

It seems hard to automatically understand the difference between an IDOR vulnerability in the HR system (from your link), salary.php?employee=EMP-00000, where you can change the ID to another employee's, and article.php?id=123 on a newspaper site.



Would it have to understand the difference? You could do pretty well with a crawler that detects such fields (by checking a simple increment, say) and then spits out URL/field combinations. Then you just need to scan through those and follow up on the ones that look like security holes.


You could focus on links that aren't in Google's cache, or links that match some numerical pattern in a set cookie, etc. Cookies are probably a whole thing on their own in this space too.
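The increment-and-triage crawler sketched in the reply above, and the earlier question of how a tool would tell the HR salary page from a public newspaper article, can both be handled with one extra check: fetch the incremented ID with no session at all, then with two different authenticated users. What follows is an added example, not code from any of the commenters; the fake in-memory site (salary.php, payslip.php, article.php, the users alice and bob, and their employee IDs) is constructed so it runs offline, and `fake_fetch` is a stand-in for a real HTTP client.

```python
"""Crawler-style IDOR candidate finder (added example, constructed data).

Heuristic: for every query parameter that looks like an ID, increment it
and fetch the result (1) anonymously, (2) as user A, (3) as user B.
  - anonymous 200 with content  -> public object, not an IDOR (article case)
  - both users get the same 200 body, different from A's own object
                                -> auth-gated but not scoped to the caller
                                   (IDOR candidate, salary case)
  - anything else               -> looks enforced
"""
import re
from urllib.parse import parse_qs, urlencode, urlparse, urlunparse

# --- constructed fake web app standing in for the HTTP layer -----------------
EMPLOYEE_OF = {"alice": "EMP-00001", "bob": "EMP-00002"}   # session -> own ID
SALARIES = {"EMP-00001": "Alice, 50000", "EMP-00002": "Bob, 62000"}
ARTICLES = {123: "Article 123 text", 124: "Article 124 text"}


def fake_fetch(url, session=None):
    """Return (status, body). Replace with a real client to use this for real."""
    p = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(p.query).items()}
    if p.path == "/salary.php":                 # vulnerable: no ownership check
        if session not in EMPLOYEE_OF:
            return 302, ""                      # bounce to login
        rec = SALARIES.get(q.get("employee"))
        return (200, rec) if rec else (404, "")
    if p.path == "/payslip.php":                # hardened: ID must match caller
        if session not in EMPLOYEE_OF:
            return 302, ""
        emp = q.get("employee")
        if emp != EMPLOYEE_OF[session]:
            return 403, ""
        return 200, SALARIES[emp]
    if p.path == "/article.php":                # public newspaper article
        try:
            art = ARTICLES.get(int(q.get("id", "")))
        except ValueError:
            art = None
        return (200, art) if art else (404, "")
    return 404, ""


# --- the scanner --------------------------------------------------------------
ID_RE = re.compile(r"^(?P<prefix>[A-Za-z_-]*)(?P<num>\d+)$")


def increment_value(value):
    """'EMP-00001' -> 'EMP-00002', '123' -> '124'; None if not ID-like."""
    m = ID_RE.match(value)
    if not m:
        return None
    num = m.group("num")
    return m.group("prefix") + str(int(num) + 1).zfill(len(num))


def variants(url):
    """Yield (param, url_with_incremented_param) for each ID-like parameter."""
    p = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(p.query).items()}
    for k, v in q.items():
        nv = increment_value(v)
        if nv is None:
            continue
        q2 = dict(q)
        q2[k] = nv
        yield k, urlunparse(p._replace(query=urlencode(q2)))


def classify(url, fetch, session_a, session_b):
    """Return [(param, 'public' | 'idor-candidate' | 'ok'), ...] for url."""
    findings = []
    for param, alt in variants(url):
        _, own_body = fetch(url, session_a)          # A's own object
        anon_status, anon_body = fetch(alt, None)
        if anon_status == 200 and anon_body:
            findings.append((param, "public"))       # no session needed at all
            continue
        a_status, a_body = fetch(alt, session_a)
        b_status, b_body = fetch(alt, session_b)
        if (a_status == b_status == 200 and a_body == b_body
                and a_body != own_body):
            findings.append((param, "idor-candidate"))
        else:
            findings.append((param, "ok"))
    return findings


if __name__ == "__main__":
    for u in ("http://hr.example/salary.php?employee=EMP-00001",
              "http://hr.example/payslip.php?employee=EMP-00001",
              "http://news.example/article.php?id=123"):
        print(u, classify(u, fake_fetch, "alice", "bob"))
```

The `own_body` comparison matters: a site that ignores the ID and always shows the caller their own record would otherwise be flagged, since both users get a 200. Against a real target, `fetch` would be two `requests.Session` objects with different cookies, and the "public" branch is what stands in for the "is it in Google's cache" idea above.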



