curl with SSPI feature supports integrated authentication to a proxy: you don’t need to provide credentials.
The command is the following:
curl –proxy proxyname:8080 –proxy-ntlm -U : https://www.didierstevens.com/index.html
This curl command uses a proxy (–proxy) and authenticates to the proxy (–proxy-ntlm) without providing explicit credentials (-U :).
curl will use an SSPI to perform integrated authentication to the proxy. This is explained on curl’s man page:
If you use a Windows SSPI-enabled curl binary and do either Negotiate or NTLM authentication then you can tell curl to select the user name and password from your environment by specifying a single colon with this option: “-U :”.
curl’s SSPI feature can also be used to authenticate to an internal IIS server.
Windows’ build-in curl version supports SSPI. You can use the version option to check if your version of curl supports SSPI: