Natas Level 4 → Level 5

The error message suggest that any user coming to this page must be from natas5. In this case, we must fake a referral. Recently found a cool tool call Burp Suite that does intercept and more. After setting up my second browser (any browser) proxy to work with Burp, I intercepted the packet after I login as natas4 (or refresh). From Burp, I changed the header for Referer from natas4 to natas5. Forward the packet on and got the password back for the next level.


Other tool that work similarly are RefControl and Tamper on Firefox. However, Burp Suite seems to work with any browser once you set it up. Here is some information on HTTP Headers/Request Field.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s