Why SQLMap Doesn’t Attack Specified Parameter?

I am new to SQLMap. I have setup Kali and OWASPBWA VM. Both VMs are on same NAT Network set in VirtualBox.

When I try to run following command:

sqlmap -u "http://<IP_ADDRESS>/mutillidae/index.php?page=user-info.php?username=111&password=bbb&user-info-php-submit-button=View+Account+Details" -p username 

I get following messages:

  • Previous heuristics detected that the target is protected by some kind of WAF/IPS.
  • Multiple messages – Unable to connect to the targeturl. sqlmap is trying to reconnect.
  • heuristics test shows that GET parameter ‘username’ might not be injectable.

There are several YouTube videos which display same setup with above 2 VMs, and are able to run the command and find injection in username parameter. What am I doing wrong? Please help.