Sqlmap waf bypass

This is my first post here, sorry for my english.

Im making some test around, because i want to learn more about sql injection. Im not really good as manual sql injection, so im using sqlmap.

what im know from my target is: Asp.net application Mysql database Powered by plesk and probably ModSecurity Waf. There is a Waf, not sure is modsecurity but Plesk use it.

Im sure some url are vulnerable. But you can reach vulnerable url only as logged user. And when i try to use sqlmap, my asp. session get istantly killed.

What i have tested and work better:

–skip-waf, because the sqlmap waf test, trigger the waf and my session was killed.

–delay 7/8 second

–tamper=”modsecurityversioned,randomcomments,between” make the test during more, but on last test crash on paylod with = character.

Can i have some suggestion? What is the most undetected method ? BLind, time, error? Tamper suggestion?