Natas Level 3 -> Level 4

Skills - BurpSuite or proxy, HTTP Headers

Username: natas4
Password: Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ
Target URL: http://natas4.natas.labs.overthewire.org

Initial Login

The access is disallowed if you directly try visit the site. It says to come from http://natas5.natas.labs.overthewire.org. If you directly visit http://natas5.natas.labs.overthewire.org with "natas4" creds, it says unauthorized.

Viewing page source will reveal nothing. We need to think of accessing target URL by visiting http://natas5.natas.labs.overthewire.org and somehow re-directing to target URL.

For this, we need to start using proxy (I have used BurpSuite community edition) - https://www.youtube.com/watch?v=YCCrVtvAu2I

Original request when clicked "Refresh Page" - We see "Referer" field being used and it comes from target URL itself, which is quite normal. But looking at the homepage., it says access is allowed to homepage is only through http://natas5.natas.labs.overthewire.org. Let's change Referer to "http://natas5.natas.labs.overthewire.org"

Original request

Modified Request - We modify referrer as shown below. Also, modify /index.php in the GET request as that will likely throw as error too.

Modified Request

Once you forward the modified request, you will land to homepage and get the flag.

Password - iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq