diff --git a/README b/README
index e313a81..ffa2286 100644
--- a/README
+++ b/README
@@ -98,6 +98,8 @@ COMMAND LINE FLAGS
 documented at . Default: https://loglist.certspotter.org/monitor.json which includes the union of active logs recognized by Chrome and Apple.
+ -proxyurl
+ Proxy URL to use for http connections (eg. http://my.proxy.com:8080)
 -state_dir PATH Directory for storing state. Default: ~/.certspotter -verbose
diff --git a/cmd/common.go b/cmd/common.go
index 1bc44f0..5962962 100644
--- a/cmd/common.go
+++ b/cmd/common.go
@@ -15,6 +15,7 @@ import (
 "flag"
 "fmt"
 "log"
+ "net/url"
 "os"
 "os/user"
 "path/filepath"
@@ -35,6 +36,7 @@ var noSave = flag.Bool("no_save", false, "Do not save a copy of matching certifi
 var verbose = flag.Bool("verbose", false, "Be verbose")
 var startAtEnd = flag.Bool("start_at_end", false, "Start monitoring logs from the end rather than the beginning")
 var allTime = flag.Bool("all_time", false, "Scan certs from all time, not just since last scan")
+var proxy = flag.String("proxyurl", "", "Proxy URL to use for http connections (eg. http://my.proxy.com:8080)")
 var state *State
 var printMutex sync.Mutex
@@ -106,10 +108,17 @@ func makeLogHandle(logInfo *loglist.Log) (*logHandle, error) {
 if err != nil {
 return nil, fmt.Errorf("Bad public key: %s", err)
 }
+
+ proxyURL, err := url.Parse(*proxy)
+ if *proxy == "" {
+ proxyURL = nil
+ }
+
 ctlog.scanner = certspotter.NewScanner(logInfo.URL, logInfo.LogID, logKey, &certspotter.ScannerOptions{
 BatchSize: *batchSize,
 NumWorkers: *numWorkers,
 Quiet: !*verbose,
+ ProxyURL: proxyURL,
 })
 ctlog.state, err = state.OpenLogState(logInfo)
diff --git a/ct/client/logclient.go b/ct/client/logclient.go
index 209d680..aef67be 100644
--- a/ct/client/logclient.go
+++ b/ct/client/logclient.go
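Review bot: The error returned by `url.Parse(*proxy)` in the makeLogHandle hunk is never checked, so a malformed -proxyurl value silently leaves proxyURL nil and every log client then connects without the proxy the operator configured; the only `err` test in the hunk is the pre-existing public-key check, and `err` is overwritten by `state.OpenLogState` on the next line. The empty-string test should come before parsing, and a parse failure should be returned the way the other errors in this function are. This code runs once per log, so the flag is re-parsed for each log handle; validating it once at startup would also work, but the local fix below is the minimal one. makeLogHandle begins outside the hunk, and the rewrite assumes `err` is already declared in function scope, as the original `proxyURL, err :=` and the later plain assignment suggest.
```go
	var proxyURL *url.URL
	if *proxy != "" {
		proxyURL, err = url.Parse(*proxy)
		if err != nil {
			return nil, fmt.Errorf("Bad proxy URL: %s", err)
		}
	}
	// … unchanged: certspotter.NewScanner call with ProxyURL: proxyURL …
```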
@@ -86,7 +86,7 @@ type addChainResponse struct {
 // New constructs a new LogClient instance.
 // |uri| is the base URI of the CT log instance to interact with, e.g.
 // http://ct.googleapis.com/pilot
-func New(uri string) *LogClient {
+func New(uri string, proxyURL *url.URL) *LogClient {
 var c LogClient
 c.uri = uri
 transport := &httpclient.Transport{
@@ -106,6 +106,9 @@ func New(uri string) *LogClient {
 InsecureSkipVerify: true,
 },
 }
+ if proxyURL != nil {
+ transport.Proxy = http.ProxyURL(proxyURL)
+ }
 c.httpClient = &http.Client{Transport: transport}
 return &c
 }
diff --git a/scanner.go b/scanner.go
index 59295b0..97c3dbd 100644
--- a/scanner.go
+++ b/scanner.go
@@ -19,6 +19,7 @@ import (
 "errors"
 "fmt"
 "log"
+ "net/url"
 "strings"
 "sync"
 "sync/atomic"
@@ -45,6 +46,9 @@ type ScannerOptions struct {
 // Don't print any status messages to stdout
 Quiet bool
+
+ // Proxy stuff
+ ProxyURL *url.URL
 }
 // Creates a new ScannerOptions struct with sensible defaults
@@ -53,6 +57,7 @@ func DefaultScannerOptions() *ScannerOptions {
 BatchSize: 1000,
 NumWorkers: 1,
 Quiet: false,
+ ProxyURL: nil,
 }
 }
@@ -316,7 +321,7 @@ func NewScanner(logUri string, logId []byte, publicKey crypto.PublicKey, opts *S
 scanner.LogUri = logUri
 scanner.LogId = logId
 scanner.publicKey = publicKey
- scanner.logClient = client.New(strings.TrimRight(logUri, "/"))
+ scanner.logClient = client.New(strings.TrimRight(logUri, "/"), opts.ProxyURL)
 scanner.opts = *opts
 return &scanner
 }
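Review bot: The new proxyURL parameter of `New` in ct/client/logclient.go is undocumented while the doc comment directly above it still describes only |uri|; add a line in the same style, `// |proxyURL|, if non-nil, is used as the proxy for all requests to the log; nil leaves the transport's proxy setting untouched.` The same applies to the second hunk of this file where the value is applied: `http.ProxyURL` does not validate the scheme, so an unusable scheme will presumably surface only as a transport error on the first request rather than at construction time, unless httpclient.Transport rejects it earlier, which cannot be seen here. Operators should also be aware that the context line `InsecureSkipVerify: true` is pre-existing, so requests relayed through the proxy are still made without certificate verification and the proxy becomes one more party able to alter log responses; whether that is caught depends on the signature verification the scanner performs against the log key, which is not visible in this diff.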
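Review bot: The comment `// Proxy stuff` on the new ProxyURL field of ScannerOptions in scanner.go says nothing about the field's contract, while the neighbouring fields describe their effect; replace it with something like `// Proxy to use for all HTTP requests to the log; nil means no proxy is set on the client transport.` The field is forwarded unchanged by NewScanner (last hunk of this file), so callers that build ScannerOptions themselves, as cmd/common.go does, get no check that the URL is a usable proxy; either state that in the comment or validate it in NewScanner. The explicit `ProxyURL: nil` added to DefaultScannerOptions is redundant with the zero value and can be dropped if the struct literal is meant to list only non-default settings.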