--- netcat-4.0.20061122/usr.bin/nc/nc.1
+++ netcat-4.0.20061122/usr.bin/nc/nc.1
@@ -37,7 +37,10 @@
 .Op Fl 46DdhklnrStUuvz
 .Op Fl e Ar command
 .Op Fl i Ar interval
-.Op Fl P Ar proxy_username
+.Oo Xo
+.Fl P Ar proxy_username Ns Oo : Ns
+.Ar proxy_password Oc Oc
+.Xc
 .Op Fl p Ar source_port
 .Op Fl s Ar source_ip_address
 .Op Fl T Ar ToS
@@ -133,9 +136,16 @@ option are ignored.
 .It Fl n
 Do not do any DNS or service lookups on any specified addresses,
 hostnames or ports.
-.It Fl P Ar proxy_username
-Specifies a username to present to a proxy server that requires authentication.
+.It Xo
+.Fl P Ar proxy_username Ns Oo : Ns
+.Ar proxy_password Oc
+.Xc
+Specifies a username and, optionally, password to present to a proxy
+server that requires authentication.
 If no username is specified then authentication will not be attempted.
+If no password is specified then
+.Nm
+will request it.
 Proxy authentication is only supported for HTTP CONNECT proxies at present.
 .It Fl p Ar source_port
 Specifies the source port
--- netcat-4.0.20061122/usr.bin/nc/netcat.c
+++ netcat-4.0.20061122/usr.bin/nc/netcat.c
@@ -933,7 +933,7 @@ help(void)
 	\t-k		Keep inbound sockets open for multiple connects\n\
 	\t-l		Listen mode, for inbound connects\n\
 	\t-n		Suppress name/port resolutions\n\
-	\t-P proxyuser\tUsername for proxy authentication\n\
+	\t-P proxyuser[:pass]\tUsername and optionally password for proxy authentication\n\
 	\t-p port\t	Specify local port for remote connects\n\
 	\t-r		Randomize remote ports\n"
 #if defined (HAVE_TCP_MD5SIG)
--- netcat-4.0.20061122/usr.bin/nc/socks.c
+++ netcat-4.0.20061122/usr.bin/nc/socks.c
@@ -286,10 +286,13 @@ socks_connect(const char *host, const char *port,
 
 		if (authretry > 1) {
 			char resp[1024];
-
-			proxypass = getproxypass(proxyuser, proxyhost);
-			r = snprintf(buf, sizeof(buf), "%s:%s",
-			    proxyuser, proxypass);
+			if (strchr(proxyuser, ':'))
+			    r = snprintf(buf, sizeof(buf), "%s", proxyuser);
+			else {
+			    proxypass = getproxypass(proxyuser, proxyhost);
+			    r = snprintf(buf, sizeof(buf), "%s:%s",
+				proxyuser, proxypass);
+			}
 			if (r == -1 || (size_t)r >= sizeof(buf) ||
 			    b64_ntop(buf, strlen(buf), resp,
 			    sizeof(resp)) == -1)