_        _______           _______  _           _____  
( \      (  ____ \|\     /|(  ____ \( \         / ___ \ 
| (      | (    \/| )   ( || (    \/| (        ( (   ) )
| |      | (__    | |   | || (__    | |        ( (___) |
| |      |  __)   ( (   ) )|  __)   | |         \____  |
| |      | (       \ \_/ / | (      | |              ) |
| (____/\| (____/\  \   /  | (____/\| (____/\  /\____) )
(_______/(_______/   \_/   (_______/(_______/  \______/ 

Progress: |=========..| 9/11


The HTTP Referer is an optional HTTP request header that specifies the URL of the webpage that linked to the resource being requested. By checking the Referer, the site receiving the request can see where the request came from.

By default, all Amazon S3 resources are private, so only the AWS account that created them can access them. A bucket policy can, however, allow read access to these objects to anyone who specifies the expected HTTP Referer header in the request.

Important: Not Referrer, but Referer :)

Hint 1
Referer spoofing can be used to overcome a bucket policy condition:

  {
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::s3game-level9-781xtls2quvy/treasure9_referer",
    "Condition": {
        "StringLike": {
            "aws:Referer": [
                "http://s3game.treasure"
            ]
        }
    }
  }
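
From the defender's side, a statement like the one above is worth flagging in a policy review, because the Referer value is chosen by the client and does not authenticate anyone. The following is an added example, not part of the game: the function names and the policy wrapper around the statement are assumptions made for illustration.

```python
import json

# Condition keys whose value is supplied by the client in the request
# and therefore cannot authenticate the caller.
CLIENT_CONTROLLED_KEYS = {"aws:referer", "aws:useragent"}

# Constructed sample: the statement from the hint, wrapped in a policy document.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::s3game-level9-781xtls2quvy/treasure9_referer",
    "Condition": {"StringLike": {"aws:Referer": ["http://s3game.treasure"]}}
  }]
}
""")

def as_list(value):
    """Policies allow a single item where a list is expected; normalise to a list."""
    return value if isinstance(value, list) else [value]

def is_public(principal):
    """True for "Principal": "*" and for {"AWS": "*"} (or a list containing "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return False

def referer_only_statements(policy):
    """Return public Allow statements whose every condition key is client-controlled."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_public(stmt.get("Principal")):
            continue
        # Condition key names are case-insensitive, so compare in lower case.
        keys = {key.lower()
                for operator_block in stmt.get("Condition", {}).values()
                for key in operator_block}
        # Statements with no condition at all are a separate finding, not reported here.
        if keys and keys <= CLIENT_CONTROLLED_KEYS:
            findings.append({"resource": stmt.get("Resource"), "keys": sorted(keys)})
    return findings

if __name__ == "__main__":
    for finding in referer_only_statements(SAMPLE_POLICY):
        print("public access gated only by", finding["keys"], "->", finding["resource"])
```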


