The error message suggest that any user coming to this page must be from natas5. In this case, we must fake a referral. Recently found a cool tool call Burp Suite that does intercept and more. After setting up my second browser (any browser) proxy to work with Burp, I intercepted the packet after I login as natas4 (or refresh). From Burp, I changed the header for Referer from natas4 to natas5. Forward the packet on and got the password back for the next level.
Other tool that work similarly are RefControl and Tamper on Firefox. However, Burp Suite seems to work with any browser once you set it up. Here is some information on HTTP Headers/Request Field.