diff --git a/src/main/java/com/contrastsecurity/webgoat/selenium/ChromeScript.java b/src/main/java/com/contrastsecurity/webgoat/selenium/ChromeScript.java
index 8702292..8b4dbfb 100644
--- a/src/main/java/com/contrastsecurity/webgoat/selenium/ChromeScript.java
+++ b/src/main/java/com/contrastsecurity/webgoat/selenium/ChromeScript.java
@@ -10,7 +10,7 @@ import org.openqa.selenium.chrome.ChromeOptions;
 public class ChromeScript {
- public static void run(String un, String pw, String url, boolean headless, String driverPath, String browserBin) {
+ public static void run(String un, String pw, String url, boolean headless, boolean proxy, String proxyHost, String proxyPort, String driverPath, String browserBin) {
 ChromeOptions chromeOptions = new ChromeOptions();
 if (!browserBin.equals("null")) {
 chromeOptions.addExtensions(new File(browserBin));
@@ -21,6 +21,11 @@ public static void run(String un, String pw, String url, boolean headless, Strin
 if (headless) {
 chromeOptions.addArguments("--headless");
 }
+
+ if (proxy) {
+ chromeOptions.addArguments("--proxy-server=" + proxyHost + ":" + proxyPort);
+ }
+
 if (System.getProperty("os.name").startsWith("Windows")) {
 chromeOptions.addArguments("--disable-gpu");
 }
@@ -50,7 +55,7 @@ public static void run(String un, String pw, String url, boolean headless, Strin
 driver.get(url + "/start.mvc#lesson/SqlInjection.lesson/6");
 delay(1000);
 retryingFindSendKeys(driver, By.xpath("//*[@id=\"lesson-content-wrapper\"]/div[6]/div[9]/div[2]/form/table/tbody/tr/td[2]/input"), "' OR '1'='1");
- // driver.findElement(By.name("account")).sendKeys("' OR '1'='1");
+ //driver.findElement(By.name("account")).sendKeys("' OR '1'='1");
 driver.findElement(By.name("Get Account Info")).click();
 // Navigate to Numeric SQL Injection section 
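Review bot: The widened `run` signature now takes nine positional parameters, four of them adjacent `String`s (`proxyHost`, `proxyPort`, `driverPath`, `browserBin`) that a caller can transpose without any compile error; the `FirefoxScript.run` signature in the later hunk has exactly the same shape. Bundling the three proxy values into one holder passed as a single argument — a small immutable class, or a `record` if the project's Java level allows it — would keep the two `run` methods in step and make the call sites in Main self-describing. Since `proxyHost` and `proxyPort` are unused when `proxy` is false, a Javadoc line on `run` such as `@param proxyHost proxy address; ignored unless {@code proxy} is true` would spell out that contract. `run`'s body continues past the hunk.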
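Review bot: The `--proxy-server=` argument is added without a bypass list, and Chrome by default does not send loopback traffic through a configured proxy; if `url` points at a WebGoat on localhost (the defaults in Main suggest a local setup), the browser will talk to it directly and the proxy records nothing. Adding `chromeOptions.addArguments("--proxy-bypass-list=<-loopback>");` inside the same `if (proxy)` block routes loopback requests through the proxy as well. `proxyHost` is also concatenated here unchecked, whereas Main validates only the port, so a comment like `// proxyHost is not validated; Main only checks proxyPort` would record the assumption for the next reader. `run`'s body continues on both sides of the hunk.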
@@ -65,31 +70,32 @@ public static void run(String un, String pw, String url, boolean headless, Strin
 driver.findElement(By.name("userid_6b")).sendKeys("dave");
 driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[5]/div[3]/form/table/tbody/tr/td[3]/input")).click();
- driver.get(url + "/start.mvc#lesson/SqlInjectionAdvanced.lesson/4");
- driver.findElement(By.id("username4")).sendKeys("username");
- driver.findElement(By.id("password4")).sendKeys("password");
- driver.findElement(By.id("login-submit")).click();
+ // This is not a valid exploit and commenting out for now
+ //driver.get(url + "/start.mvc#lesson/SqlInjectionAdvanced.lesson/4");
+ //driver.findElement(By.id("username4")).sendKeys("username");
+ //driver.findElement(By.id("password4")).sendKeys("password");
+ //driver.findElement(By.id("login-submit")).click();
 // SQL Injection (mitigations)
- driver.navigate().to(url + "/start.mvc#lesson/SqlInjectionMitigations.lesson/7");
- delay(1000);
- driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[10]/div[3]/form[1]/div/div/div/table/thead/tr/th[4]/span")).click();
+ //driver.navigate().to(url + "/start.mvc#lesson/SqlInjectionMitigations.lesson/7");
+ //delay(1000);
+ //driver.findElement(By.xpath("/html/body/section/section/section/div[1]/div[1]/div/div/div/div[6]/div[10]/div[3]/form[1]/div/div/div/table/thead/tr/th[4]/span")).click();
 // XXE (page 3)
 driver.navigate().to(url + "/start.mvc#lesson/XXE.lesson/2");
- driver.findElement(By.id("commentInputSimple")).sendKeys("Test comment");
+ driver.findElement(By.id("commentInputSimple")).sendKeys(" ]>&root;");
 driver.findElement(By.id("postCommentSimple")).submit();
 // XXE (page 4)
 driver.navigate().to(url + "/start.mvc#lesson/XXE.lesson/3");
 retryingFindSendKeys(driver, By.id("commentInputContentType"), "Test comment 2");
- // driver.findElement(By.id("commentInputContentType")).sendKeys("Test comment 2");
+ // 
not my comment out driver.findElement(By.id("commentInputContentType")).sendKeys("Test comment 2");
 driver.findElement(By.id("postCommentContentType")).submit();
 //XXE (page 7)
- driver.navigate().to(url + "/start.mvc#lesson/XXE.lesson/6");
- driver.findElement(By.id("commentInputBlind")).sendKeys("Test comment 3");
- driver.findElement(By.id("postCommentBlind")).submit();
+ //driver.navigate().to(url + "/start.mvc#lesson/XXE.lesson/6");
+ //driver.findElement(By.id("commentInputBlind")).sendKeys("Test comment 3");
+ //driver.findElement(By.id("postCommentBlind")).submit();
 // XSS (page 2)
 driver.navigate().to(url + "/start.mvc#lesson/CrossSiteScripting.lesson/1");
diff --git a/src/main/java/com/contrastsecurity/webgoat/selenium/FirefoxScript.java b/src/main/java/com/contrastsecurity/webgoat/selenium/FirefoxScript.java
index 2dbfda8..aead415 100644
--- a/src/main/java/com/contrastsecurity/webgoat/selenium/FirefoxScript.java
+++ b/src/main/java/com/contrastsecurity/webgoat/selenium/FirefoxScript.java
@@ -4,12 +4,13 @@ import java.util.concurrent.TimeUnit;
 import org.openqa.selenium.By;
+import org.openqa.selenium.Proxy;
 import org.openqa.selenium.firefox.FirefoxBinary;
 import org.openqa.selenium.firefox.FirefoxDriver;
 import org.openqa.selenium.firefox.FirefoxOptions;
 public class FirefoxScript {
- public static void run(String un, String pw, String url, boolean headless, String gecko, String browserBin) {
+ public static void run(String un, String pw, String url, boolean headless, boolean proxy, String proxyHost, String proxyPort, String gecko, String browserBin) {
 FirefoxBinary firefoxBinary = new FirefoxBinary();
 if (!browserBin.equals("null")) {
 File bin = new File(browserBin);
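Review bot: Three working sections (SqlInjectionAdvanced, SqlInjectionMitigations and XXE page 7) are turned into `//` lines rather than deleted, which leaves the `// SQL Injection (mitigations)` and `//XXE (page 7)` headers sitting above nothing; version control already keeps the old lines, so removing them and leaving one marker such as `// SqlInjectionAdvanced step removed: not a valid exploit` would read more clearly. The new `sendKeys(" ]>&root;")` literal also looks truncated — as printed it carries an entity reference but no declaration, so either bracketed text was lost in rendering or the test input is incomplete; please confirm against the repository. Keeping lesson inputs like this in named constants at the top of the class would let such edits be reviewed on their own. The `// not my comment out` wording on the commentInputContentType line is unclear; saying what the line is (e.g. `// disabled fallback for retryingFindSendKeys, kept from upstream`) would help. `run`'s body continues on both sides of the hunk.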
@@ -21,6 +22,11 @@ public static void run(String un, String pw, String url, boolean headless, Strin
 System.setProperty("webdriver.gecko.driver", gecko);
 FirefoxOptions firefoxOptions = new FirefoxOptions();
 firefoxOptions.setBinary(firefoxBinary);
+ if (proxy) {
+ Proxy p = new Proxy();
+ p.setHttpProxy(proxyHost + ":" + proxyPort);
+ firefoxOptions.setProxy(p);
+ }
 FirefoxDriver driver = new FirefoxDriver(firefoxOptions);
 try {
diff --git a/src/main/java/com/contrastsecurity/webgoat/selenium/Main.java b/src/main/java/com/contrastsecurity/webgoat/selenium/Main.java
index b17aa07..1221b39 100644
--- a/src/main/java/com/contrastsecurity/webgoat/selenium/Main.java
+++ b/src/main/java/com/contrastsecurity/webgoat/selenium/Main.java
@@ -12,6 +12,9 @@ public class Main {
 static private boolean firefox = false;
 static private String driverPath = "null";
 static private String browserBin = "null";
+ static private boolean proxy = false;
+ static String proxyHost = "127.0.0.1"; // Default proxy host
+ static String proxyPort = "8080"; // Default proxy port
 public static void main(String[] args) {
 String port_regex = "([0-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])";
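Review bot: `p.setHttpProxy(proxyHost + ":" + proxyPort)` configures the proxy for plain-HTTP requests only, so when Main is run with its `ssl` option the HTTPS traffic to WebGoat bypasses the proxy, while the Chrome branch's `--proxy-server` flag covers both schemes. Adding `p.setSslProxy(proxyHost + ":" + proxyPort);` beside the existing call keeps the two browsers consistent. Firefox also skips the proxy for loopback targets by default, so a local WebGoat may additionally need the profile preference that allows proxying localhost (`network.proxy.allow_hijacking_localhost`, if I recall the name correctly — confirm for the Firefox version in use); a one-line comment on the `if (proxy)` block stating which schemes and hosts are covered would save the next person this investigation. `run` continues past the hunk.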
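Review bot: `proxyHost` and `proxyPort` are declared package-visible (`static String`) while every neighbouring field, including the new `proxy` flag, is `static private`; nothing in the diff reads them from another class, so `static private String proxyHost = "127.0.0.1";` and `static private String proxyPort = "8080";` would keep the field block uniform. The trailing `// Default proxy host` / `// Default proxy port` comments only restate the initializers; one comment above the three fields saying when they apply, e.g. `// Intercepting-proxy settings; used only when -proxy is given`, carries more information. `main` begins in this hunk and continues past it.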
@@ -52,6 +55,21 @@ public static void main(String[] args) {
 case "-headless":
 headless = true;
 break;
+ case "-proxy":
+ proxy = true;
+ break;
+ case "-proxyHost":
+ if (i == args.length -1 || args[i + 1].charAt(0) == '-')
+ throw new IllegalArgumentException("Expected argument after: " + args[i]);
+ proxyHost = args[i++ + 1];
+ break;
+ case "-proxyPort":
+ if (i == args.length -1 || args[i + 1].charAt(0) == '-')
+ throw new IllegalArgumentException("Expected argument after: " + args[i]);
+ if (!args[i + 1].matches(port_regex))
+ throw new IllegalArgumentException("Not a valid proxyPort: " + args[i + 1] + ". Valid ports are 0-65535.");
+ proxyPort = args[i++ + 1];
+ break;
 case "-driver":
 if (i == args.length -1 || args[i + 1].charAt(0) == '-')
 throw new IllegalArgumentException("Expected argument after: " + args[i]);
@@ -95,12 +113,16 @@ public static void main(String[] args) {
 System.out.println("pw: " + pw);
 System.out.println("host: " + host);
 System.out.println("port: " + port);
+ if (proxy){
+ System.out.println("proxyHost: " + proxyHost);
+ System.out.println("proxyPort: " + proxyPort);
+ }
 System.out.println("ssl: " + ssl);
 System.out.println("url: " + baseUrl);
 if (firefox) {
- FirefoxScript.run(un, pw, baseUrl, headless, driverPath, browserBin);
+ FirefoxScript.run(un, pw, baseUrl, headless, proxy, proxyHost, proxyPort, driverPath, browserBin);
 } else {
- ChromeScript.run(un, pw, baseUrl, headless, driverPath, browserBin);
+ ChromeScript.run(un, pw, baseUrl, headless, proxy, proxyHost, proxyPort, driverPath, browserBin);
 }
 }
 }
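Review bot: `-proxyHost` and `-proxyPort` store their values without setting `proxy`, so a run given `-proxyHost 10.0.0.5` but no `-proxy` flag silently ignores the option: both scripts receive `proxy == false` and the later printout skips the values too. Either set `proxy = true;` in both new cases, or track whether they were supplied and reject the combination after the loop with `throw new IllegalArgumentException("-proxyHost/-proxyPort require -proxy");`. The host is also accepted as any string not starting with `-`, whereas the port is checked against `port_regex`; a minimal check that it is non-blank and contains no `:` would stop a `host:port` value from becoming `host:port:8080` downstream. `main` continues on both sides of the hunk.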
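Review bot: The new `if (proxy){` lacks the space before the brace that the neighbouring `if (firefox) {` uses. More substantively, the block extends a startup dump that already prints `pw` in clear on the line above; since this change is touching that dump, it is the right moment to print a masked value (`System.out.println("pw: ****");`) or drop the line, so console captures and CI logs do not retain the WebGoat password. The two `run` calls are now identical nine-argument sequences whose order is fixed only by the callee signatures; a brief comment naming the order, or a single settings object in place of the three proxy arguments, would make the call sites easier to keep correct.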