diff --git a/README.md b/README.md
index 38363c3..0b46b95 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,8 @@ sudo ./gotproxy [flags]
 | **--p-pid** | The process ID of the proxy. If not provided, the program will automatically start a forwarding proxy. |
 | **--p-port** | The proxy port. |
 | **--socks5**	| The SOCKS5 proxy Server network address. If configured, SOCKS5 proxying will be used. |
+| **--socks5-user** | SOCKS5 username (RFC1929). Must be set together with `--socks5-pass`. |
+| **--socks5-pass** | SOCKS5 password (RFC1929). Must be set together with `--socks5-user`. |
 | **--proto** | Proxy protocol selection: `both` (default) / `tcp` / `udp`. When set to `tcp`, only TCP traffic will be redirected; when set to `udp`, only UDP traffic will be redirected. |
 
 Features Under Development：
@@ -57,6 +59,12 @@ sudo ./gotproxy --socks5 192.168.1.2:1080
  ```
 Where '192.168.1.2:1080' is the IP and port of the SOCKS5 proxy server.
 
+SOCKS5 with username/password:
+
+```bash
+sudo ./gotproxy --socks5 192.168.1.2:1080 --socks5-user alice --socks5-pass 'secret'
+```
+
 3. TCP-only proxy:
 ```bash
 sudo ./gotproxy --proto tcp
diff --git a/README_CN.md b/README_CN.md
index 63fbd25..3458119 100644
--- a/README_CN.md
+++ b/README_CN.md
@@ -40,6 +40,8 @@ sudo ./gotproxy [flags]
 | **--p-pid** | 代理程序的进程id. 会自动过滤不代理该进程的网络通信，以免网络循环。如果没有配置, 本程序会自动启动一个转发代理服务. |
 | **--p-port** | 代理服务监听的端口。 |
 | **--socks5** | socks5代理的服务端地址，如果配置，会进行socks5代理. |
+| **--socks5-user** | socks5 账号（RFC1929）。需要同时设置 `--socks5-pass`。 |
+| **--socks5-pass** | socks5 密码（RFC1929）。需要同时设置 `--socks5-user`。 |
 | **--proto** | 代理协议选择：`both`（默认）/ `tcp` / `udp`。当设置为 `tcp` 时只重定向 TCP 流量；设置为 `udp` 时只重定向 UDP 流量。 |
 
 
@@ -62,6 +64,12 @@ sudo ./gotproxy --socks5 192.168.1.2:1080
  ```
 其中‘192.168.1.2:1080’是socks5代理服务器的ip和端口
 
+也支持带账号密码的 socks5 上游：
+
+```bash
+sudo ./gotproxy --socks5 192.168.1.2:1080 --socks5-user alice --socks5-pass 'secret'
+```
+
 3. 仅代理 TCP:
 ```bash
 sudo ./gotproxy --proto tcp
diff --git a/cmd/cmd.go b/cmd/cmd.go
index 12f58a6..808ac88 100644
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -17,6 +17,8 @@ var (
 	pids            []string
 	ipStr           string
 	socks5ProxyAddr string
+	socks5User      string
+	socks5Pass      string
 	proto           string
 )
 
@@ -24,6 +26,10 @@ var rootCmd = &cobra.Command{
 	Use:   "gotproxy",
 	Short: "A simple tcp transparent proxy tool for Linux",
 	Run: func(cmd *cobra.Command, args []string) {
+		if err := validateSocks5UpstreamConfig(); err != nil {
+			log.Fatal(err)
+		}
+
 		var enableTCP, enableUDP bool
 		switch proto {
 		case "both":
@@ -89,5 +95,7 @@ func init() {
 	rootCmd.PersistentFlags().StringSliceVar(&pids, "pids", []string{}, "The pid to be proxied, seperate by ','")
 	rootCmd.PersistentFlags().StringVar(&ipStr, "ip", "", "The ip to be proxied,only support ipv4")
 	rootCmd.PersistentFlags().StringVar(&socks5ProxyAddr, "socks5", "", "The socks5 proxyAddr.")
+	rootCmd.PersistentFlags().StringVar(&socks5User, "socks5-user", "", "The SOCKS5 username. Requires --socks5-pass.")
+	rootCmd.PersistentFlags().StringVar(&socks5Pass, "socks5-pass", "", "The SOCKS5 password. Requires --socks5-user.")
 	rootCmd.PersistentFlags().StringVar(&proto, "proto", "both", "Proxy protocol: both|tcp|udp")
 }
diff --git a/cmd/tcpProxy.go b/cmd/tcpProxy.go
index a3eaae3..7163c2a 100644
--- a/cmd/tcpProxy.go
+++ b/cmd/tcpProxy.go
@@ -116,7 +116,12 @@ func getTargetConnection(conn net.Conn) (net.Conn, error) {
 		return targetConn, nil
 	}
 
-	dialer, err := proxy.SOCKS5("tcp", socks5ProxyAddr, nil, proxy.Direct)
+	auth, err := socks5AuthOrNil()
+	if err != nil {
+		return nil, err
+	}
+
+	dialer, err := proxy.SOCKS5("tcp", socks5ProxyAddr, auth, proxy.Direct)
 	if err != nil {
 		return nil, fmt.Errorf("cannot create SOCKS5 dialer: %w", err)
 	}
diff --git a/cmd/udpProxy.go b/cmd/udpProxy.go
index e16fe6a..0255ba7 100644
--- a/cmd/udpProxy.go
+++ b/cmd/udpProxy.go
@@ -108,7 +108,11 @@ func getUDPOriginalDest(clientAddr *net.UDPAddr, udpMap *ebpf.Map) (string, erro
 
 func dialUDPViaSOCKS5(targetAddr string) (net.Conn, error) {
 
-	client, err := socks5.NewClient(socks5ProxyAddr, "", "", 0, 0)
+	if err := validateSocks5UpstreamConfig(); err != nil {
+		return nil, err
+	}
+
+	client, err := socks5.NewClient(socks5ProxyAddr, socks5User, socks5Pass, 0, 0)
 	if err != nil {
 		return nil, fmt.Errorf("SOCKS5 client: %w", err)
 	}