Over the wire Natas Level 4 Objective: Get password for Level 5 Solution: This page just shows a text box Access disallowed. You are visiting from "" while authorized users should come only from http://natas5.natas.labs.overthewire.org/ Ok so the message here is pointing us to the referring website. IF we fire up burp suite and turn on intercept we can see this GET /index.php HTTP/1.1 Host: natas4.natas.labs.overthewire.org User-Agent: Mozilla/5.0 (Linux; Android 7.0; PLUS Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.98 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://natas4.natas.labs.overthewire.org/ Cookie: __cfduid=dc1833b1d7b69b3cac3c87671133dc9051557462221; __utma=176859643.791061132.1557462220.1558030716.1570727565.8; __utmz=176859643.1557462220.1.1.utmcsr=(direct)|utmccn=
@circusmonkey404 on the twitters; DM for contact