Removed `username:password@` portion of example target URLs as
unfortunately this triggers warnings in most modern browsers. The
modules target CSRF vulnerabilities and it's expected and
acceptable behaviour to rely on the user having an authorized session by
default.
"Advanced users" will be familiar with the `username:password@` trick
and can add it to the URL if they desire.
5c678a2550