I happen to have a few hashes generated with code that did this (it has been changed to use a more "standard" bcrypt call):
$ python3
>>> import hmac
>>> hmac.new(b'The quick brown', b'123456', digestmod='sha1').hexdigest()
'c3b8986510970b778b26c42d954a93411f32f301'
i.e., it calculates hmac.sha1(key=salt, message=password)
while john, by default calculates hmac.sha1(key=password,message=salt)
Is there a way to convince john the ripper to brute force hmac.sha1(key=salt, message=password)
?