Problem 
We arrive at a webpage that says:
Access disallowed. You are visiting from “” while authorized users should come only from “http://natas5.natas.labs.overthewire.org/”
Solution 
Let’s take a look at the page.
We see a link to /index.php let’s follow it.
Now the text on the webpage changes. It says we’re visiting from http://natas4.natas.labs.overthewire.org/index.php, so let’s take a look at our request headers. This is the developer tools, opened with “inspect” page and then choosing to open it in a seperate window instead of docked window.
From here we see out request parameter (inside our request header), the “Referer” parameter value mathces with what is displayed on the webpage, let’s try and change it into “somewhere” by clicking “edit and resend”.
Let’s see the response from the developer tools.
Looks like we actually changed it! Time to change it into the desired value which is http://natas4.natas.labs.overthewire.org/index.php! Here’s the entire walkthrough.
I pressed F5 to refresh the page when I was in the “Network” tab in the dev tools.
Flag 
iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq
Takeaway 
- Now we know how to do Parameter Tampering!
| ‹ Previous in Web exploitation: Natas3 | Next in Web exploitation: Natas5 › |