Credentials
Username: natas4
Password: tKOcJIbzM4lTs8hbCmzn5Zr4434fGZQm
URL: <http://natas4.natas.labs.overthewire.org>
Working
Page says we’re not allowed to access the password because we’re considered unauthorized users as authorized user visit from "http://natas5.natas.labs.overthewire.org/"

Methodology
- Visit Lab URL.
- Set up a listener/interceptor to the web-page like MITM(man in the middle) or you can use zaproxy or burpsuite. I’m using burpsuite in this method.
- Setup burpsuite proxy configuration in your browser and Turn on the interceptor on burpsuite on proxy tab.
- Visit Lab Url again in your browser, this time the interceptor on burpsuite picks up the request.
- Edit Headers by adding Referfer (according to website, authorize user only comes from http://natas5.natas.labs.overthewire.org/),
Referer: <http://natas5.natas.labs.overthewire.org/>

- Click on Forward button and see the website with credentials in your Browser page.
Findings
Credentials for next level can be seen here.

Password: Z0NsrtIkJoKALBCLi5eqFfcRN82Au2oD