diff --git a/cmd/common.go b/cmd/common.go
index 8f86fba..8c3ca65 100644
--- a/cmd/common.go
+++ b/cmd/common.go
@@ -14,6 +14,7 @@ import (
 "flag"
 "fmt"
 "log"
+ "net/url"
 "os"
 "os/user"
 "path/filepath"
@@ -31,6 +32,7 @@ var underwater = flag.Bool("underwater", false, "Monitor certificates from distr
 var noSave = flag.Bool("no_save", false, "Do not save a copy of matching certificates")
 var verbose = flag.Bool("verbose", false, "Be verbose")
 var allTime = flag.Bool("all_time", false, "Scan certs from all time, not just since last scan")
+var proxy = flag.String("proxyurl", "", "Proxy URL to use for http connections (eg. http://my.proxy.com:8080)")
 var state *State
 var printMutex sync.Mutex
@@ -108,11 +110,17 @@ func makeLogHandle(logInfo *certspotter.LogInfo) (*logHandle, error) {
 if err != nil {
 return nil, fmt.Errorf("Bad public key: %s", err)
 }
+
+ proxyURL, err := url.Parse(*proxy)
+ if *proxy == "" {
+ proxyURL = nil
+ }
+
 ctlog.scanner = certspotter.NewScanner(logInfo.FullURI(), logInfo.ID(), logKey, &certspotter.ScannerOptions{
 BatchSize: *batchSize,
 NumWorkers: *numWorkers,
 Quiet: !*verbose,
- })
+ ProxyURL: proxyURL})
 ctlog.state, err = state.OpenLogState(logInfo)
 if err != nil {
diff --git a/ct/client/logclient.go b/ct/client/logclient.go
index 209d680..ac6ec9b 100644
--- a/ct/client/logclient.go
+++ b/ct/client/logclient.go
@@ -86,9 +86,10 @@ type addChainResponse struct {
 // New constructs a new LogClient instance.
 // |uri| is the base URI of the CT log instance to interact with, e.g.
 // http://ct.googleapis.com/pilot
-func New(uri string) *LogClient {
+func New(uri string, proxyURL *url.URL) *LogClient {
 var c LogClient
 c.uri = uri
+
 transport := &httpclient.Transport{
 ConnectTimeout: 10 * time.Second,
 RequestTimeout: 60 * time.Second,
@@ -106,6 +107,9 @@ func New(uri string) *LogClient {
 InsecureSkipVerify: true,
 },
 }
+ if proxyURL != nil {
+ transport.Proxy = http.ProxyURL(proxyURL)
+ }
 c.httpClient = &http.Client{Transport: transport}
 return &c
 }
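Review bot: The error returned by `url.Parse(*proxy)` in the makeLogHandle hunk of cmd/common.go is never checked, and `err` is overwritten a few lines later by `state.OpenLogState`. When parsing fails, url.Parse returns a nil URL, so a mistyped -proxyurl silently falls back to a direct connection, which is the opposite of what an operator who set the flag expects. The flag should be parsed only when non-empty, a parse error should be returned, and a value without a host (for example one missing its scheme) should be rejected. `err` appears to be declared earlier in the function, and makeLogHandle starts and ends outside this hunk.

```go
// … unchanged: public key parsing and its error check …
var proxyURL *url.URL
if *proxy != "" {
	proxyURL, err = url.Parse(*proxy)
	if err != nil {
		return nil, fmt.Errorf("Bad proxy URL: %s", err)
	}
	if proxyURL.Host == "" {
		return nil, fmt.Errorf("Bad proxy URL: %q has no host", *proxy)
	}
}
// … unchanged: certspotter.NewScanner call with ProxyURL: proxyURL …
```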
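Review bot: The doc comment above `New` in ct/client/logclient.go still describes only |uri| and says nothing about the new `proxyURL` parameter. I would add `// |proxyURL|, if non-nil, is the HTTP proxy all requests to the log are sent through; nil means connect directly.` The new signature also names `url.URL`, yet this file's part of the diff has no import hunk, so it is worth confirming that `net/url` is already imported here. The body of New continues past the end of this hunk.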
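Review bot: The proxy is attached to a transport whose TLS config sets `InsecureSkipVerify: true` (the context lines just above the added `if proxyURL != nil` block in ct/client/logclient.go), so the proxy, or anything on the path to it, can terminate the TLS session to the log without the client noticing. Presumably the client relies on checking log signatures against the log's public key rather than on certificate validation, but that check is not visible in this hunk. If that is the intent, it should be recorded where the proxy is set, e.g. `// Server certificates are not verified on this transport; data fetched through the proxy must only be trusted after log signature verification.`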
diff --git a/scanner.go b/scanner.go
index fe1becb..92d88af 100644
--- a/scanner.go
+++ b/scanner.go
@@ -13,6 +13,7 @@
 package certspotter
 import (
+ "net/url"
 // "container/list"
 "bytes"
 "crypto"
@@ -44,6 +45,9 @@ type ScannerOptions struct {
 // Don't print any status messages to stdout
 Quiet bool
+
+ //
+ ProxyURL *url.URL
 }
 // Creates a new ScannerOptions struct with sensible defaults
@@ -52,6 +56,7 @@ func DefaultScannerOptions() *ScannerOptions {
 BatchSize: 1000,
 NumWorkers: 1,
 Quiet: false,
+ ProxyURL: nil,
 }
 }
@@ -315,7 +320,7 @@ func NewScanner(logUri string, logId []byte, publicKey crypto.PublicKey, opts *S
 scanner.LogUri = logUri
 scanner.LogId = logId
 scanner.publicKey = publicKey
- scanner.logClient = client.New(logUri)
+ scanner.logClient = client.New(logUri, opts.ProxyURL)
 scanner.opts = *opts
 return &scanner
 }
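Review bot: The new `ProxyURL` field in ScannerOptions is added under an empty `//` comment, while the `Quiet` field just above it carries a description. I would fill it in with `// Proxy to send log requests through; nil means connect directly`. The explicit `ProxyURL: nil,` added to DefaultScannerOptions in the next hunk is the zero value and can be dropped. The struct definition starts outside this hunk.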